Avatar of EESky
EESky
 asked on

Why the ASA did not ask for username and Password when I tried to login asa 5505 by console.

Expert

Why the ASA did not ask for username and Password when I tried to login asa 5505 by console. I did password recovering exactly based on cisco article. There are several username and its password in the configuration. Any expert can give me a suggestion ? thank you !
Cisco

Avatar of undefined
Last Comment
Ernie Beek

8/22/2022 - Mon
Ernie Beek

Could you post a sanitized copy of your config so we can have a look?
EESky

ASKER
HI Thank you for your reply. The following is the relative configuration. If there are other configuration needed, just let me know.

ASA#sh run
enable password 8Ry2YjIyt7RRU24 encrypted
passwd 2KFQnbNIdI.2KU encrypted
names


ASA# sh run | in username
username sales-user password gse1yUmW/36HPAd/ encrypted
username sales-user attributes
username admin password LWLaRPR0Y0uNM9mq encrypted privilege 15
username cisco1 password jmINXNH6p1BxUppp encrypted
Ernie Beek

You should also have a line or lines starting with:
aaa authentication
Could you show those?
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
EESky

ASKER
Hi Thank you again. Please see the following and let me know if there are some info needed

aaa-server Red-GROUP protocol radius
aaa-server Red-GROUP (inside) host 192.168.1.2
 key *****
 radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication http console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
Ernie Beek

So no: aaa authentication lines?

Try adding: aaa authentication console LOCAL

And see if that works.
Ernie Beek

Oh wait, there is one (doh).

Is that indented under the aaa-server?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Ernie Beek

Typo, should be:
aaa authentication serial console LOCAL
EESky

ASKER
Yes, it works out. Thank you.
But I removed the all aaa, why didnt it still ask for username and password ?
Ernie Beek

But I removed the all aaa
Not sure what you mean by that?
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
EESky

ASKER
Sorry, I meant after I removed ALL aaa commands in the asa, the asa should ask for the username and password when i login the asa. it is because i already setup username and its password. However, the asa did not ask for username and password when i login it.
Ernie Beek

That could be. It did ask for an enable password, did it?
Because you removed the aaa, the ASA didn't ask for an initial username/pass. You use the aaa to tell the ASA to use username/password authentication from a predefined source (like LOCAL).
EESky

ASKER
That may be difference between router and asa. In router, after we set up user and its password, the router ask for username and password when we try to log in the router even if we did not setup aaa commands.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Ernie Beek

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
EESky

ASKER
Thank you !
Ernie Beek

My pleasure :)
Thx for the points.
EESky

ASKER
What you said is right, after adding "aaa authentication console LOCAL" it can work. but i suddenly think of a question. Before I did password recovery, the asa asked for username and password when i tried to login. However after i did password recovery, the asa did not ask for username and its password. My question is after i did the password recovery, the command "aaa authentication console LOCAL" was gone automatically ?
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
Ernie Beek

That could be. I don't know what password recovery you did exactly but I can imagine that the result was that everything regarding passwords was reset to defaults. That should also include those aaa commands.