We help IT Professionals succeed at work.

Why the ASA did not ask for username and Password when I tried to login asa 5505  by console.

EESky
EESky asked
on
1,712 Views
Last Modified: 2014-05-18
Expert

Why the ASA did not ask for username and Password when I tried to login asa 5505 by console. I did password recovering exactly based on cisco article. There are several username and its password in the configuration. Any expert can give me a suggestion ? thank you !
Comment
Watch Question

Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
Could you post a sanitized copy of your config so we can have a look?

Author

Commented:
HI Thank you for your reply. The following is the relative configuration. If there are other configuration needed, just let me know.

ASA#sh run
enable password 8Ry2YjIyt7RRU24 encrypted
passwd 2KFQnbNIdI.2KU encrypted
names


ASA# sh run | in username
username sales-user password gse1yUmW/36HPAd/ encrypted
username sales-user attributes
username admin password LWLaRPR0Y0uNM9mq encrypted privilege 15
username cisco1 password jmINXNH6p1BxUppp encrypted
Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
You should also have a line or lines starting with:
aaa authentication
Could you show those?

Author

Commented:
Hi Thank you again. Please see the following and let me know if there are some info needed

aaa-server Red-GROUP protocol radius
aaa-server Red-GROUP (inside) host 192.168.1.2
 key *****
 radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication http console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
So no: aaa authentication lines?

Try adding: aaa authentication console LOCAL

And see if that works.
Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
Oh wait, there is one (doh).

Is that indented under the aaa-server?
Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
Typo, should be:
aaa authentication serial console LOCAL

Author

Commented:
Yes, it works out. Thank you.
But I removed the all aaa, why didnt it still ask for username and password ?
Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
But I removed the all aaa
Not sure what you mean by that?

Author

Commented:
Sorry, I meant after I removed ALL aaa commands in the asa, the asa should ask for the username and password when i login the asa. it is because i already setup username and its password. However, the asa did not ask for username and password when i login it.
Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
That could be. It did ask for an enable password, did it?
Because you removed the aaa, the ASA didn't ask for an initial username/pass. You use the aaa to tell the ASA to use username/password authentication from a predefined source (like LOCAL).

Author

Commented:
That may be difference between router and asa. In router, after we set up user and its password, the router ask for username and password when we try to log in the router even if we did not setup aaa commands.
Senior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION

Author

Commented:
Thank you !
Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
My pleasure :)
Thx for the points.

Author

Commented:
What you said is right, after adding "aaa authentication console LOCAL" it can work. but i suddenly think of a question. Before I did password recovery, the asa asked for username and password when i tried to login. However after i did password recovery, the asa did not ask for username and its password. My question is after i did the password recovery, the command "aaa authentication console LOCAL" was gone automatically ?
Ernie BeekSenior infrastructure engineer
CERTIFIED EXPERT
Top Expert 2012

Commented:
That could be. I don't know what password recovery you did exactly but I can imagine that the result was that everything regarding passwords was reset to defaults. That should also include those aaa commands.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.