Cisco Firewall :: ASA5510 Enable Password Not Working
Oct 11, 2012
I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK).It's a replacement firewall that I am trying to configure remotely through a serial device with an internet facing connection, but the enable password is not working.I can connect to the device OK, type 'en' and when propted for the password whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.
View 2 Replies
ADVERTISEMENT
Sep 12, 2011
configuring AAA on 1841 router, initially it authenticates me well using my TACAS+ login. but though i have configured enable password in router, router directly puts me in privilage mod without asking enable password .
my configs for AAA as below
aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 0 ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting commands 1 ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+
View 8 Replies
View Related
Feb 20, 2013
Today I run into a problem with enabling ICMP traffice between two inside interfaces on ASA5510 (version 8.2). I tried to ping from 192.168.1.2 to 192.168.2.2 Failed. But I can visit outside websites or ping from any of the two addresses above to 8.8.8.8 So I checked the configuration shown as follow
<omitted>
interface ethernet0/1
nameif inside
[Code]....
View 3 Replies
View Related
May 23, 2011
I try to change password on the ASA 5520 device and its not getting changed.
FW(config)# enable password cisco1234(config)# end
After that I perform a write memory.
But somehow I relogin again the enable password still remain as the old enable password
version : 7.2(5)2.
View 5 Replies
View Related
Jul 13, 2011
Is there a way to restore the device to factory settings. I tried the reset button with a paper clip.
View 2 Replies
View Related
Jun 17, 2011
how do i change the telnet and enable and vpn user password on asa 5570.
View 4 Replies
View Related
Mar 2, 2011
I have an ASA5510 which was running version 8.31. SSH was working fine on version 8.31 but since i upgraded it to version 8.41 the SSH stopped working.
View 7 Replies
View Related
Feb 27, 2012
I not familiar with the ASA 5510 product. I having trouble since last 24 hours and still cant find out the root cause yet. Here is my scenario, my network should be
WAN --- ASA5510 (FW) --- SERVER (192.168.1.0/24)
Now I face the problem, all the NAT static 1-to-1 is working OK. All my public IP can be ping from outside internet. But the problem happen when I try to telnet to port 80 on each server. I had try telnet from my PC to public IP 124.xxx.179 80, it's work fine, but failed on 124.xxx.180 80, then on 124.xxx.181 80, its work fine.
Then I do try on my colleague PC, in same network as mine, I face another case where the public IP 124.xxx.179 80 cannot be telnet, but it's ok for 124.xxx.180, then failed on 124.xxx.181 80.
FYI.. all our PC can ping to the Public IP and no packet lose.
The scenario is very weird, I cant find any other solution as had review my configuration few times.
check does my configuration is working perfectly or not.
ASA Version 8.2(5)
!
hostname fw-asa
enable password xxx encrypted
[Code].....
View 8 Replies
View Related
Jan 15, 2012
An ASA5510 (with 1 webserver behind it, just starting to build the cluster) was functioning OK with version 8.2: I was able to log in using RDP to the server bhind it from some trusted IP's.
I updated ASDM to the latest version 6.4.7, and then the ASA-software to 8.3.2. After reloading, I could not access the server anymore. I saw that changes were made to the config. Then I updated to version 8.4.3, same results of course, and this is the config. [code]
View 11 Replies
View Related
Aug 7, 2012
Cannot access to cisco asa5510 asdm nor ssh thru anyconnect vpn, attached is the current configuration. user authetnicaties aaa locally and has admin service-type. When vpn session is established, it lets me go thru the certificate warning and when trying to install the asdm laucher its failing. ssh access is enabled but not working. i can access both asdm and ssh from the inside network, and from a pc on that network.
View 9 Replies
View Related
Jun 15, 2011
My mail server is not in my network, it's over internet elsewhere.After installing the ASA 5510, i can not get my mails any more.
View 7 Replies
View Related
Mar 20, 2011
I have an ASA5510 that was working in a HA config that is now constantly rebooting itself. Here is a copy of the dump of traceback messages:
Booting system, please wait...
CISCO SYSTEMSEmbedded BIOS Version 1.0(11)5 08/28/08 15:11:51.82
Low Memory: 631 KBHigh Memory: 256 MBPCI Device Table.Bus Dev Func VendID DevID Class Irq 00 00 00 8086 2578 Host Bridge 00 01 00 8086 2579 PCI-to-PCI Bridge 00 03 00 8086 257B PCI-to-PCI Bridge 00 1C 00 8086 25AE PCI-to-PCI Bridge
[Code] .........
View 1 Replies
View Related
Mar 30, 2011
We have several pairs of ASA5510s in failover A/P mode, some running 8.3(2) and others running 8.4(1).
e0/0 = outside
e0/1 = inside
m0/0 = management
The problem we're having is we can't get anything to route out of the management interface unless we put in a static route at least to the subnet level. For example, we want syslog traffic to exit out m0/0 to our syslog server 10.71.211.79. Our 'gateway of last resort' points to the next hop out e0/0, and a second static route with a higher metric and a more distinct network space is for m0/0 as in:
route outside 0.0.0.0 0.0.0.0 192.168.49.129 1route management 10.72.0.0 255.255.0.0 10.72.232.94 10
This doesn't work, and ASDM loggin gives this error: ".....Routing failed to locate next hop for udp from NP Identity Ifc:10.72.232.89/514 to management:10.72.211.79/514"
If I put in a more granular subnet route, or a host route of the syslog server it works, such as:
route management 10.72.211.0 255.255.255.0 10.72.232.94 10 <------------- this works
route management 10.72.211.79 255.255.255.255 10.72.232.94 10 <------------- this works too
Why won't a static route for 10.71.0.0 255.255.0.0 work in this case?
We are going to have numerous hosts access and be sent messages though the management interface of these ASAs, and it would be very burdonsome to have to add a host, or even a subnet, route for every one. I've removed all static routes and tried to rely on EIGRP, but that doesn't work. I also had to put 'passive-interface management' under the EIGRP for this to work.
Here is the pertinant ASA config concerning syslog, routing, and interfaces:
interface Ethernet0/0 nameif outside security-level 0 ip address 192.168.49.140 255.255.255.128 standby 192.168.49.141 !interface Ethernet0/1 nameif inside security-level 100 ip address xxx.xxx.xxx.xxx 255.255.255.128 standby
[Code].....
View 3 Replies
View Related
Jun 6, 2012
ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?
View 3 Replies
View Related
Jun 24, 2011
how to enable the password on d-link di-624
View 2 Replies
View Related
Jan 28, 2013
How to configure authentication of enable password using acs 5.3. I have installed acs 5.3 and created user and gave relevant passwords. Following config is done on router
aaa new-model
aaa authentication login default group tacacs+ local
aaa authen enable default group tacacs+ enable
tacacs-server host x.x.x.x key xxxxx
Now when I telnet router, i can authenticate username/pass with acs5.3 but when i try to enter enable command and give password, it gives me error in authentication. What is the process of configuring enable passwords?
View 6 Replies
View Related
Aug 3, 2012
I need to recover switch enable password, i have already configured AAA also, when i am tryig to follow below proceedure finally saying Authorization failed. how can i recover enable password,If I try to recover password like this description says [URL]
Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
Step 2 Set the line speed on the emulation software to 9600 baud.
Step 3 Power off the switch. Reconnect the power cord to the switch and, within 15 seconds, press the Mode button while the System LED is still flashing green.
Base ethernet MAC Address: 00:0x:xx:xx:xx:xx
Xmodem file system is available.
The password-recovery mechanism is enabled.
The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software:
flash_init
load_helper
boot
[code]....
View 1 Replies
View Related
Aug 29, 2012
I have a cisco 1801 router that is not prompting for enable password.After loging into router thru telnet it puts direct into privelege mode without promting for enable password.Here is the configuration:
User Access Verification
Username: adminPassword:xxxxx#sh runBuilding configuration...
Current configuration : 2132 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname xxxxxx!boot-start-markerboot-end-marker!enable password 7 022F0A5D0208063555692B!no aaa new-model!!dot11 syslog!!ip cefno ip dhcp use vrf connectedip dhcp excluded-address 192.168.0.1 192.168.0.10!ip dhcp pool LAN import all network 192.168.0.0 255.255.255.0 default-router 192.168.0.1!!!multilink bundle-name authenticated!!username admin privilege 15 password 7 112017031E1C02181Dusername user privilege 3 password 7 091D1C5A100B111B05051033!!archivelog config hidekeys!!!!!interface ATM0no ip addressno atm ilmi-keepalivepvc xxxxx
[code].....
View 7 Replies
View Related
Dec 21, 2012
I have migrated my ACS data from 4.1 to 5.1 and everything is working fine to test the connection I have configured a switch to get the authentication from the new Tacacs server, using my old username and password..i got in perfectly but when the switch asked my for enable which is the same password, it refused the password.(I have unchecked the <use a different password for enable> option) I deleted my switch from the Tacacs to enter locally, I went in with no problems..i thought that the problem may be from the old configuration.so I created a new username and password to check, and the problem still exist.
View 2 Replies
View Related
Oct 23, 2012
Today I wanted to change my passwords on my router Cisco 888e.I connect by telnet my router and access the enable mode.Then, I set my enable password to passwordxxx with the command enable password password1.After a show run, i could see in this config my new password correctly set. Then, I set my enable secret password to passwordxxx (the same) with the command enable secret password password1.I log off the enable mode.Try to log on with the command en but when I type the new or the old password, I receive a 'Access denied' message.
And I'm sure of the new one because on my command line to define it I could see this new password in clear!What are my solutions to access the enable mode again?If I reboot my router, it'll run the previous config file with the old password? I've only worked on the running config file and haven't apply these changes to the nvram.
View 4 Replies
View Related
Mar 15, 2011
We are installaing a new RSP720 on 7606 platform and facing a peculiar problem. It is prompting for a enable password. We have not configured anything on router yet, still it is asking for enable password.
View 3 Replies
View Related
Jul 9, 2012
resetting the disable password on an ASA5505 device
View 9 Replies
View Related
Mar 28, 2011
Cisco 7609 Router, Enable password unable to reset.
Many times CTRL+BREAK Key combination while booting the router does not takes the console to ROMMON.
Router boots using the IOS image in the bootdisk0: (For entering into the ROMMON, removed both the external Flash disks also - no use)
2 or three time in a day it enters in to the ROMMON while pressing CTRL+BREAK.
Tried in the ROMMON (one Sup is removed) with confreg 0x2142 followed by reset/boot commands, the router is booting with the startup config.
View 2 Replies
View Related
Dec 29, 2011
Changed my AD password and now i cannot get into the enable side of the cisco switches on our network (we have no routers).Looking on the logs for the ACS v4.2 I can see the following -
On TACACS+ Accounting you can see the connections which have worked - it the initial tty connections -
When i look in the failed attempts i see the following Auth failed - External DB user invalid or bad password or on another occasion internal error or EAP-TLS or PEAP authentication failed due to unknown CAcertificate during SSL handshake.
View 1 Replies
View Related
Jul 10, 2012
I have been experimenting with acs 4.2 and a cisco asa 5510. I have managed to authenticate the ASA users with my tacacs server. The user "test" is authenticated with the tacacs server, and can log in. But the enable password is wrong, because i dont know where to place it in the tacacs server.
Now my question is, where do i set my enable password when authenticatig with tacacs+. And for this i mean in the acs 4.2, i know how to do it on the asa.
View 4 Replies
View Related
Jul 15, 2011
I've got a weird problem that I can't figure out. I've de-authorized the switch in the RADIUS server to force an ERROR status to test the backup entries in the AAA authentication method list. However, after I do that and try to log in (through ssh), it just prompts me for my username's password and not the enable password. Here's the debug output:
1d02h: RADIUS: Marking server xxx.xxx.xxx.xxx:1812,1813 dead
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No valid server found. Trying any viable server
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No response for id 10
[code]...
View 14 Replies
View Related
Jan 24, 2013
how do I setup an enable password for an ASA 5510? At the moment its setup to authenticate using RADIUS (which I'd like to keep doing) but I need to setup an enable mode password.
View 3 Replies
View Related
Jul 26, 2012
I am trying to migrate an ACS 4.1.1(24) using the migraton tool to ACS 5.2. The tool is working OK. It migrates the users, groups, NDG, etc. and the reports are showing no errors.
The problem is with the Enable password of the users. The users in the ACS 4 have the TACACS+ Enable Password configured, but after the migration it appears empty in the ACS 5.
View 3 Replies
View Related
May 19, 2013
I'm trying to setup a SSLVPN Portal for our customer which will authenticate against Active Directory using LDAP over SSL and with the portal have the ability to change password if it has expired. I have managed to setup everything now except for the password reset which is giving me a headache. This is the message that's presented by the portal when i try to change the password even though the same password works when i change it on a PC instead of using the portal.
"Cannot complete password change because the password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements."
And below is the output of ldap debug on the ASA5510 the Portal is running on.
[473] Session Start
[473] New request Session, context 0xadbe760c, reqType = Modify Password
[473] Fiber started
[473] Creating LDAP context with uri=ldaps://x.x.x.x:3269
[473] Connect to LDAP server: ldaps://x.x.x.x:3269, status = Successful
[473] supportedLDAPVersion: value = 3
[code]....
View 5 Replies
View Related
Jan 17, 2012
I was trying to do a password recovery on a 1142 AP but enable password did not reset and I am stuck
AP model is AIR-AP1142N-A-K9
Running IOS c1140-k9w7-mx.124-21a.JA1
Its autonomous so there is no controller. I renamed the config.txt file I am unable to rename or delete the private-config file. I get the message that file or directory cannot be found when i try to rename and permission denied when I try to delete it.
View 12 Replies
View Related
Jun 23, 2011
Recently I came across a router (Cisco 3845, IOS 12.4) configured for TACACS, one local username and an enable password. Going through the configuration I noticed the router didn't have an enable secret password which I thought was strange. The TACACS config is below, comments regarding the TACACS config and the consequences of not having an enable secret or if there is a need for one.
aaa authentication login default group tacacs+ aaa authentication login no_tacacs enable aaa authorization exec default group tacacs+ aaa authorization commands 1 default group tacacs+ aaa authorization commands 15 default group tacacs+ aaa accounting exec default start-stop group tacacs+ aaa accounting commands 1 default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa accounting network default start-stop group tacacs+
View 7 Replies
View Related
May 2, 2013
I have lost the "ENABLE" password on my 3750 switch.
View 5 Replies
View Related
May 20, 2012
I have a Cisco ASA5510 firewall that has SSL Web VPN functionality and is utilizing AD Server as Authentication server for users.However, we have a policy to change password at certain point of time. Users in the office have no problem. They just login their PC and change password. Users outside of office is a pain when their password is expired. Is it posible for them to change their AD password thru VPN using Cisco Anyconnect?
View 2 Replies
View Related