Solved

asa password

Posted on 2013-12-18
16
692 Views
Last Modified: 2014-01-06
I want to change the enable password on an ASA, but I realized there is no option for "enable secret"

ASA-Floor4(config)# enable secret ?
ERROR: % Unrecognized command


I see in the config that the enable password has:

enable password PasSwordHere encrypted
passwd PasSwordHere encrypted


I want only to change the enable password and keep it secret\encrypted like it is now but there is no enable secret command. There is a local username 15 and
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL

can someone explain and help me change the password. Thanks.
0
Comment
Question by:tolinrome
16 Comments
 
LVL 24

Expert Comment

by:smckeown777
ID: 39727877
The command you need is

enable password <your password> encrypted
0
 
LVL 7

Author Comment

by:tolinrome
ID: 39727962
When I tried that, it says it is too short (paraphrasing), but when I look at another firewall set up exactly like this one, it uses the same password and didn't give that error.
Both firewalls have the same setup and the hashing characters in the passwords are exactly the same, but the two passwords are actually different.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39728004
Half asleep here...sorry

Leave out the 'encrypted' bit I mentioned above...by default all enable passwords on the ASA are encrypted by default

Try it again and see...

enable password <your password>
0
 
LVL 7

Author Comment

by:tolinrome
ID: 39729110
It won't take the new password, it still retains the old one. It looks like it takes it, but when I log out and back in, it's still the old password. Could this have anything to do with the local aaa authentication?

cisco(config)#enable password <my password>
cisco(config)#
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39729114
When you say 'log out and back in' what do you mean? From console or telnet? How are you logging in exactly?
0
 
LVL 7

Author Comment

by:tolinrome
ID: 39729305
ssh
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39729322
Right, well ssh and enable are 2 different passwords...so want to be sure there is no confusion here

To set password for ssh you use

passwd <your password>

That sets the ssh password...is that what you are getting confused on?
0
 
LVL 7

Author Comment

by:tolinrome
ID: 39729389
No, I can log in fine using ssh, that's no problem. The only problem is that when I change the enable password, it doesn't take it, I still have to use the old enable password. But what's confusing is that when I type the new enable password it acts like it's taking it. For example:

1. I login using ssh
2. I change the enable password
    cisco(config)#enable password <my password>
    cisco(config)#
3. I exit the device without saving (wr mem)
4. I log back in using ssh
5. I go into enable mode and it's the old password again, not the new one I just created.

Thanks for helping.
0
 
LVL 24

Expert Comment

by:smckeown777
ID: 39729511
Ok, well either it's a bug (what version IOS are you on?) or this line is possibly causing your issue

aaa authentication enable console LOCAL

Remove that and test again...

no aaa authentication enable console LOCAL

I think that means 'each user has a separate enable password different from the global one'...

To confirm - does your new enable password work? Even though the older one does as well?
0
 
LVL 7

Author Comment

by:tolinrome
ID: 39729573
I know it's not a bug since others on the same version are fine. So it probably has something to do with the local authentication, but I want to fully understand first before cancelling out that line.
0
 
LVL 7

Author Comment

by:tolinrome
ID: 39732912
Anyone?
0
 
LVL 7

Author Comment

by:tolinrome
ID: 39740258
anyone?
0
 
LVL 24

Accepted Solution

by:
smckeown777 earned 500 total points
ID: 39743548
From my understanding this is by design...

Do this as a test please...connect a console cable to the ASA and connect to the console...I would guess that the NEW enable password will work now

2nd test - when SSH'd in and you enter enable mode - enter the current ssh password and does it take?

The line

aaa authentication enable console LOCAL

means 'you switch to enable mode using the USERS password'...which is why I said remove that line to confirm/test this...
0
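
The behaviour described in the accepted answer, written as a configuration check (an added example, not part of the original thread): it parses ASA config lines of the kind quoted in the question and reports whether `enable password` is overridden by `aaa authentication enable console`. The helper name `audit_enable_auth`, the user `admin` and the placeholder hashes are assumptions constructed for illustration.

```python
import re

# Constructed sample shaped like the lines quoted in the question; the
# username "admin" and the hash strings are placeholders, not thread values.
SAMPLE_CONFIG = """\
enable password PLACEHOLDERHASH1 encrypted
passwd PLACEHOLDERHASH2 encrypted
username admin password PLACEHOLDERHASH3 encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication telnet console LOCAL
"""

AAA_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")
USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)\b")


def audit_enable_auth(config_text):
    """Hypothetical helper: which credential does the enable prompt check?"""
    aaa = {}            # access type -> ordered list of auth methods
    priv15_users = []   # local users configured with privilege level 15
    has_enable_password = False
    for raw in config_text.splitlines():
        line = raw.strip()
        m = AAA_RE.match(line)
        if m:
            aaa[m.group(1)] = m.group(2).split()
        m = USER_RE.match(line)
        if m and int(m.group(2)) == 15:
            priv15_users.append(m.group(1))
        if line.startswith("enable password "):
            has_enable_password = True
    enable_methods = aaa.get("enable", [])
    return {
        # With enable authentication configured, the prompt checks the
        # logged-in user's own password (per the accepted answer).
        "enable_credential": "user password" if enable_methods else "enable password",
        "enable_methods": enable_methods,
        # True: the global enable password is not what these sessions are
        # checked against, so changing it appears to have no effect.
        "enable_password_shadowed": bool(enable_methods) and has_enable_password,
        "priv15_users": priv15_users,
    }


if __name__ == "__main__":
    for key, value in audit_enable_auth(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
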
 
LVL 7

Author Comment

by:tolinrome
ID: 39749947
Problem is the ASA is in a remote site and I can't console in.
0
 
LVL 29

Expert Comment

by:serialband
ID: 39751748
Get yourself a remote console, such as a Lantronix Spider, Duo, or SLC, depending on how many console connections you need.  You can set up your firewall to only allow connections from your location and you can have remote console access to all your systems.
0
