username and password

Posted on 2008-10-02
Medium Priority
Last Modified: 2012-05-05
Hi Experts,

By default, the Cisco ASA 5505 has a blank username and password when you connect to it either by console or through IE https.

Is it a good idea to place a username and password at the global mode level, the enable level and on e0/0 (outside interface)? What is the best practice for setting the username and password, and how would you go about putting one in (e.g. CLI command)?

Appreciate any help
Question by:mcse2007
LVL 24

Assisted Solution

DMTechGrooup earned 200 total points
ID: 22631119
enable password myEnableSecret encrypted

Set the enable password (displays encrypted). Displays in encrypted form, with the word "encrypted" at the end. Note that when entering the command, leave off the "encrypted" keyword or the PIX will assume that the string you are putting in is the encryption of the actual password.

passwd myLoginSecret encrypted

Set the user mode password, the first password challenge when using Telnet. Note that when executing the command, leave off the "encrypted" keyword or the PIX will assume that the string you are putting in is the encryption of the actual password.

LVL 12

Accepted Solution

Pugglewuggle earned 1000 total points
ID: 22631340
Hi mcse2007 - good to see you again!
The standard for securing Cisco devices with username and password info is to use AAA - Authentication, Authorization, and Accounting.
While it is still advisable to leave the password and enable password commands in the config in case something comes up, the proper way to do it is to use AAA. Cisco will tell you the same thing.
Here are the commands you need to activate AAA as well as the password and enable password:
! This sets up AAA to use the local AAA database to authenticate all connection methods
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authorization exec authentication-server
! This sets up the non-AAA management passwords. You MUST remember the enable
! password to use the enable command with
enable password <Your Enable Here>
passwd <Your Regular Password Here>
! This sets up a username to manage the device
username <Your Username Here> password <Your Password Here> privilege 15
! This sets up a username to connect via VPN or something else
username <Your Username Here> password <Your Password Here> privilege 0
Replace everything in brackets with your values.
Please note that you MUST remember the enable password to make changes to your device. If you already have one you don't need to run this command.
Also, you don't need to make the privilege 0 user - I was just using that as an example - however, you MUST have at least one privilege 15 user to manage the device.
From now on, when connecting to the console or command line, use the username and password combo to log in and then use the enable password to enable.
When connecting via ASDM, just use the username/password combo.
Do note that you create VPN users with the database command as well - just with privilege 0.
Cheers! I hope that helps!
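A way to check a saved running-config against the settings in the answer above, as an added example that is not part of the original post: it reports which management access methods lack `aaa authentication ... console LOCAL` and whether a privilege 15 user exists. The function name, result keys and the sample config are assumptions constructed for illustration.

```python
import re

# Management access methods covered by the answer's "aaa authentication" lines.
METHODS = ("enable", "http", "serial", "telnet", "ssh")

AAA_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")
# Matches both "password <pw> privilege N" and "password <hash> encrypted privilege N".
USER_RE = re.compile(r"^username (\S+) password \S+.*?\bprivilege (\d+)\b")

# Constructed sample config (not from a real device): enable and telnet are
# not tied to LOCAL, and the only local user has privilege 0.
SAMPLE = """\
! constructed sample
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
username vpnuser password CONSTRUCTED-HASH encrypted privilege 0
"""

def audit_asa_config(config_text):
    """Return AAA/local-user gaps found in ASA running-config text."""
    aaa = {}    # access method -> list of server groups, e.g. ["LOCAL"]
    users = {}  # username -> privilege level
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blanks and config comments
        m = AAA_RE.match(line)
        if m:
            aaa[m.group(1)] = m.group(2).split()
            continue
        m = USER_RE.match(line)
        if m:
            users[m.group(1)] = int(m.group(2))
    missing = [meth for meth in METHODS if "LOCAL" not in aaa.get(meth, [])]
    admins = sorted(u for u, p in users.items() if p == 15)
    return {
        "missing_aaa": missing,  # methods not authenticated against LOCAL
        "admins": admins,        # users able to manage the device
        # AAA is on but nobody has privilege 15: management logins would fail.
        "lockout_risk": bool(aaa) and not admins,
    }

if __name__ == "__main__":
    for key, value in audit_asa_config(SAMPLE).items():
        print(f"{key}: {value}")
```
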
LVL 12

Expert Comment

ID: 22631347
Forgot to mention - one other feature is that in a big company that has centralized password management - AAA is used to connect to an AAA server - that way every device in the organization can be managed with a username and password that is only set once on the AAA server! Very cool.
AAA servers include RADIUS servers and TACACS+ servers. However, for a small setup, using one of these servers is unnecessary and a pain to manage. It's best to use the LOCAL database as the commands I sent you do.
Cheers again!

Author Closing Comment

ID: 31502658
Again, I appreciate your input. BTW, Pugglewuggle, how many Cisco ASAs do you manage at work?
LVL 12

Expert Comment

ID: 22639930
Hi mcse2007 - actually manage 3 ASA 5505s, 1 ASA 5520 and 1 ASA 5510 at work. On the side I run my own networking design and consulting company. At client sites I've installed over 20 ASAs. Pretty shoddy I only make $10 an hour at my real job though... I guess it's because I'm only 20. It does seem like I can roll with the pros on here with no problem though... I just don't know how to get paid more! :-P

Author Comment

ID: 22642781
Good for you Pugglewuggle.

Here in Sydney, Australia, Cisco engineers are in hot demand; perhaps you should consider moving for better pay :-)

BTW, does Cisco offer certification in PIX firewall?
LVL 12

Expert Comment

ID: 22642923
Cisco does offer a professional level security cert called a CCSP and of course there's the Security CCIE.
I actually have always wanted to visit AU... what is the salary there? I'm in Texas in the United States and TX currently has the hottest economy in the country.
Just curious!

Author Comment

ID: 22643171
It varies depending particularly on the company (e.g. private, publicly listed etc.) but usually, the following are a close indication of what the market offers in AUD currency.
CCNA =<65K
CCNP =>75K
CCIE =>110K
LVL 12

Expert Comment

ID: 22643218
That's about what they are here (except CCIE is more like $100,000+ USD). I just need to figure out how to get in on it.
Thanks and cheers!


Question has a verified solution.
