Cisco Firewall :: ASA5510 Enable Password Not Working

Oct 11, 2012

I have a problem with an ASA5510 (8.0.4) firewall in South Africa (I'm in the UK).It's a replacement firewall that I am trying to configure remotely through a serial device with an internet facing connection, but the enable password is not working.I can connect to the device OK, type 'en' and when propted for the password whatever I use (blank, cisco, Cisco etc.) I get an 'invalid password' message.

View 2 Replies


ADVERTISEMENT

Cisco :: AAA Enable Password Not Working?

Sep 12, 2011

configuring AAA on 1841 router, initially it authenticates me well using my TACAS+ login. but though i have configured enable password in router, router directly puts me in privilage mod without asking enable password .

my configs for AAA as below

aaa authentication login ACS group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec ACS group tacacs+ local
aaa authorization commands 0 ACS group tacacs+ local
aaa authorization commands 15 ACS group tacacs+ local
aaa accounting commands 1 ACS start-stop group tacacs+
aaa accounting commands 15 ACS start-stop group tacacs+

View 8 Replies View Related

Cisco Firewall :: How To Enable ICMP Between Two Inside Interfaces ASA5510

Feb 20, 2013

Today I run into a problem with enabling ICMP traffice between two inside interfaces on ASA5510 (version 8.2). I tried to ping from 192.168.1.2 to 192.168.2.2  Failed. But I can visit outside websites or ping from any of the two addresses above to 8.8.8.8 So I checked the configuration shown as follow

<omitted>
interface ethernet0/1
nameif inside

[Code]....

View 3 Replies View Related

Cisco Firewall :: On ASA 5520 Device Enable Password Is Not Getting Changed

May 23, 2011

I try to change password on the ASA 5520 device and its not getting changed.
  
FW(config)#  enable password cisco1234(config)# end
 
After that I  perform a write memory.
 
But somehow I relogin again the enable password  still remain as the old enable password
 
version : 7.2(5)2.

View 5 Replies View Related

Cisco Firewall :: ASA 5505 / Lost Enable Password For Spare Device?

Jul 13, 2011

Is there a way to restore the device to factory settings.  I tried the reset button with a paper clip.

View 2 Replies View Related

Cisco Firewall :: 5570 - How To Change Telnet And Enable VPN User Password

Jun 17, 2011

how do i change the telnet and enable and vpn user password on asa 5570.

View 4 Replies View Related

Cisco Firewall :: ASA5510 / SSH Not Working After Upgrade

Mar 2, 2011

I have an ASA5510 which was running version 8.31. SSH was working fine on version 8.31 but since i upgraded it to version 8.41 the SSH stopped working.

View 7 Replies View Related

Cisco Firewall :: ASA5510 Not Working Properly From Outside

Feb 27, 2012

I not familiar with the ASA 5510 product. I having trouble since last 24 hours and still cant find out the root cause yet. Here is my scenario, my network should be
 
WAN --- ASA5510 (FW) --- SERVER (192.168.1.0/24)
 
Now I face the problem, all the NAT static 1-to-1 is working OK. All my public IP can be ping from outside internet. But the problem happen when I try to telnet to port 80 on each server. I had try telnet from my PC to public IP 124.xxx.179 80, it's work fine, but failed on 124.xxx.180 80, then on 124.xxx.181 80, its work fine.
 
Then I do try on my colleague PC, in same network as mine, I face another case where the public IP 124.xxx.179 80 cannot be telnet, but it's ok for 124.xxx.180, then failed on 124.xxx.181 80.
 
FYI.. all our PC can ping to the Public IP and no packet lose.
 
The scenario is very weird, I cant find any other solution as had review my configuration few times.
 
check does my configuration is working perfectly or not.
 
ASA Version 8.2(5)
!
hostname fw-asa
enable password xxx encrypted

[Code].....

View 8 Replies View Related

Cisco Firewall :: ASA5510 Not Working Ok After Upgrade 8.2 / 8.3 / 8.4

Jan 15, 2012

An ASA5510 (with 1 webserver behind it, just starting to build the cluster) was functioning OK with version 8.2: I was able to log in using RDP to the server bhind it from some trusted IP's.
 
I updated ASDM to the latest version 6.4.7, and then the ASA-software to 8.3.2. After reloading, I could not access the server anymore. I saw that changes were made to the config. Then I updated to version 8.4.3, same results of course, and this is the config. [code]

View 11 Replies View Related

Cisco Firewall :: VPN Access To ASA5510 ASDM And SSH Not Working

Aug 7, 2012

Cannot access to cisco asa5510 asdm nor ssh thru anyconnect vpn, attached is the current configuration. user authetnicaties aaa locally and has admin service-type. When vpn session is established, it lets me go thru the certificate warning and when trying to install the asdm laucher its failing. ssh access is enabled but not working. i can access both asdm and ssh from the inside network, and from a pc on that network.

View 9 Replies View Related

Cisco Firewall :: Distant Mail Server Not Working On ASA5510

Jun 15, 2011

My mail server is not in my network, it's over internet elsewhere.After installing the ASA 5510, i can not get my mails any more.

View 7 Replies View Related

Cisco Firewall :: ASA5510 Working In HA Config Now Constantly Rebooting

Mar 20, 2011

I have an ASA5510 that was working in a HA config that is now constantly rebooting itself. Here is a copy of the dump of traceback messages:

Booting system, please wait...
CISCO SYSTEMSEmbedded BIOS Version 1.0(11)5 08/28/08 15:11:51.82
Low Memory: 631 KBHigh Memory: 256 MBPCI Device Table.Bus Dev Func VendID DevID Class Irq 00 00 00 8086 2578 Host Bridge 00 01 00 8086 2579 PCI-to-PCI Bridge 00 03 00 8086 257B PCI-to-PCI Bridge 00 1C 00 8086 25AE PCI-to-PCI Bridge
[Code] .........

View 1 Replies View Related

Cisco Firewall :: ASA5510 Static Routes For Management Interface Not Working

Mar 30, 2011

We have several pairs of ASA5510s in failover A/P mode, some running 8.3(2) and others running 8.4(1).
 
e0/0 = outside
e0/1 = inside
m0/0 = management
 
The problem we're having is we can't get anything to route out of the management interface unless we put in a static route at least to the subnet level. For example, we want syslog traffic to exit out m0/0 to our syslog server 10.71.211.79. Our 'gateway of last resort' points to the next hop out e0/0, and a second static route with a higher metric and a more distinct network space is for m0/0 as in:
 
route outside 0.0.0.0 0.0.0.0 192.168.49.129 1route management 10.72.0.0 255.255.0.0 10.72.232.94 10
 
This doesn't work, and ASDM loggin gives this error: ".....Routing failed to locate next hop for udp from NP Identity Ifc:10.72.232.89/514 to management:10.72.211.79/514"
 
If I put in a more granular subnet route, or a host route of the syslog server it works, such as:
 
route management 10.72.211.0 255.255.255.0 10.72.232.94 10   <------------- this works
 
route management 10.72.211.79 255.255.255.255 10.72.232.94 10   <------------- this works too
 
Why won't a static route for 10.71.0.0 255.255.0.0 work in this case?
 
We are going to have numerous hosts access and be sent messages though the management interface of these ASAs, and it would be very burdonsome to have to add a host, or even a subnet, route for every one. I've removed all static routes and tried to rely on EIGRP, but that doesn't work. I also had to put 'passive-interface management' under the EIGRP for this to work.
 
Here is the pertinant ASA config concerning syslog, routing, and interfaces:
 
interface Ethernet0/0 nameif outside security-level 0 ip address 192.168.49.140 255.255.255.128 standby 192.168.49.141 !interface Ethernet0/1 nameif inside security-level 100 ip address xxx.xxx.xxx.xxx 255.255.255.128 standby

[Code].....

View 3 Replies View Related

Cisco Firewall :: Difference ASA5510-BUN-K9 And ASA5510-Sec-Bun-K9

Jun 6, 2012

ASA 5510 have two model Bun-K9 and Sec-Bun-K9 from the datasheet find out difference Port related and Redundancy. My questions is : Have any major difference for Security service between two model ?

View 3 Replies View Related

How To Enable The Password On D-link Di-624

Jun 24, 2011

how to enable the password on d-link di-624

View 2 Replies View Related

AAA/Identity/Nac :: Enable Password In ACS 5.3?

Jan 28, 2013

How to configure authentication of enable password using acs 5.3. I have installed acs 5.3 and created user and gave relevant passwords. Following config is done on router
 
aaa new-model
aaa authentication login default group tacacs+ local
aaa authen enable default group tacacs+ enable
tacacs-server host x.x.x.x key xxxxx
 
Now when I telnet router, i can authenticate username/pass with acs5.3 but when i try to enter enable command and give password, it gives me error in authentication. What is the process of configuring enable passwords?

View 6 Replies View Related

Cisco :: Enable Password Recovery In 2950 With AAA?

Aug 3, 2012

I need to recover switch enable password, i have already configured AAA also, when i am tryig to follow below proceedure finally saying Authorization failed. how can i recover enable password,If I try to recover password like this description says [URL]

Step 1 Connect a terminal or PC with terminal-emulation software to the switch console port.
 
Step 2 Set the line speed on the emulation software to 9600 baud.
 
Step  3 Power off the switch. Reconnect the power cord to the switch and,  within 15 seconds, press the Mode button while the System LED is still  flashing green.
 
Base ethernet MAC Address: 00:0x:xx:xx:xx:xx
Xmodem file system is available.
The password-recovery mechanism is enabled.
 
The system has been interrupted prior to initializing the flash filesystem. The following commands will initialize the flash filesystem, and finish loading the operating system software:
 
flash_init
load_helper
boot

[code]....

View 1 Replies View Related

Cisco WAN :: 1800 Is Not Prompting For Enable Password?

Aug 29, 2012

I have a cisco 1801 router that is not prompting for enable password.After loging into router thru telnet it puts direct into privelege mode without promting for enable password.Here is the configuration:
 
User Access Verification
Username: adminPassword:xxxxx#sh runBuilding configuration...
Current configuration : 2132 bytes!version 12.4service timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname xxxxxx!boot-start-markerboot-end-marker!enable password 7 022F0A5D0208063555692B!no aaa new-model!!dot11 syslog!!ip cefno ip dhcp use vrf connectedip dhcp excluded-address 192.168.0.1 192.168.0.10!ip dhcp pool LAN   import all   network 192.168.0.0 255.255.255.0   default-router 192.168.0.1!!!multilink bundle-name authenticated!!username admin privilege 15 password 7 112017031E1C02181Dusername user privilege 3 password 7 091D1C5A100B111B05051033!!archivelog config  hidekeys!!!!!interface ATM0no ip addressno atm ilmi-keepalivepvc xxxxx 

[code].....

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Is Refusing To Use Enable Password

Dec 21, 2012

I have migrated my ACS data from 4.1 to 5.1 and everything is working fine to test the connection I have configured a switch to get the authentication from the new Tacacs server, using my old username and password..i got in perfectly but when the switch asked my for enable which is the same password, it refused the password.(I have unchecked the <use a different password for enable> option) I deleted my switch from the Tacacs to enter locally, I went in with no problems..i thought that the problem may be from the old configuration.so I created a new username and password to check, and the problem still exist.

View 2 Replies View Related

Cisco WAN :: 888e Enable Password Changed

Oct 23, 2012

Today I wanted to change my passwords on my router Cisco 888e.I connect by telnet my router and access the enable mode.Then, I set my enable password to passwordxxx with the command enable password password1.After a show run, i could see in this config my new password correctly set. Then, I set my enable secret password to passwordxxx (the same) with the command enable secret password password1.I log off the enable mode.Try to log on with the command en but when I type the new or the old password, I receive a 'Access denied' message.

And I'm sure of the new one because on my command line to define it I could see this new password in clear!What are my solutions to access the enable mode again?If I reboot my router, it'll run the previous config file with the old password? I've only worked on the running config file and haven't apply these changes to the nvram.

View 4 Replies View Related

Cisco WAN :: RSP720 Default Enable Password

Mar 15, 2011

We are installaing a new RSP720 on 7606 platform and facing a peculiar problem.  It is prompting for a enable password.  We have not configured anything on router yet, still it is asking for enable password.

View 3 Replies View Related

Cisco VPN :: Resetting Enable Password On ASA5505 Device

Jul 9, 2012

resetting the disable password on an ASA5505 device

View 9 Replies View Related

Cisco WAN :: 7609 - Enable Password Unable To Reset?

Mar 28, 2011

Cisco 7609 Router, Enable password unable to reset.
 
Many times CTRL+BREAK Key combination while booting the router does not takes the console to ROMMON.
 
Router boots using the IOS image in the bootdisk0: (For entering into the ROMMON, removed both the external Flash disks also - no use)
 
2 or three time in a day it enters in to the ROMMON while pressing CTRL+BREAK.
 
Tried in the ROMMON (one Sup is removed) with confreg 0x2142 followed by reset/boot commands, the router is booting with the startup config.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS V4.2 Changed AD Password Now Can't Get Into Enable Side

Dec 29, 2011

Changed my AD password and now i cannot get into the enable side of the cisco switches on our network (we have no routers).Looking on the logs for the ACS v4.2 I can see the following -
 
On TACACS+ Accounting you can see the connections which have worked - it the initial tty connections -
 
When i look in the failed attempts i see the following Auth failed -  External  DB user invalid or bad password  or on another occasion internal error or EAP-TLS or PEAP authentication failed due to unknown CAcertificate during SSL handshake.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: 5510 - How To Enable Password When Using Tacacs+

Jul 10, 2012

I have been experimenting with acs 4.2 and  a cisco asa 5510. I have managed to authenticate the ASA users with my tacacs server. The user "test" is authenticated with the tacacs server, and can log in. But the enable password is wrong, because i dont know where to place it in the tacacs server.
 
Now my question is, where do i set my enable password when authenticatig with tacacs+. And for this i mean in the acs 4.2, i know how to do it on the asa.

View 4 Replies View Related

Cisco :: Enable Password Fails In AAA Authentication Method List?

Jul 15, 2011

I've got a weird problem that I can't figure out. I've de-authorized the switch in the RADIUS server to force an ERROR status to test the backup entries in the AAA authentication method list. However, after I do that and try to log in (through ssh), it just prompts me for my username's password and not the enable password. Here's the debug output:

1d02h: RADIUS: Marking server xxx.xxx.xxx.xxx:1812,1813 dead
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No valid server found. Trying any viable server
1d02h: RADIUS: Tried all servers.
1d02h: RADIUS: No response for id 10

[code]...

View 14 Replies View Related

Cisco AAA/Identity/Nac :: How To Setup Enable Mode Password On ASA 5510

Jan 24, 2013

how do I setup an enable password for an ASA 5510?  At the moment its setup to authenticate using RADIUS (which I'd like to keep doing) but I need to setup an enable mode password.

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Migration Utility TACACS+ Enable Password

Jul 26, 2012

I am trying to migrate an ACS 4.1.1(24) using the migraton tool to ACS 5.2. The tool is working OK. It migrates the users, groups, NDG, etc. and the reports are showing no errors.
 
The problem is with the Enable password of the users. The users in the ACS 4 have the TACACS+ Enable Password configured, but after the migration it appears empty in the ACS 5.

View 3 Replies View Related

Cisco VPN :: ASA5510 / SSLVPN Portal Password Management?

May 19, 2013

I'm trying to setup a SSLVPN Portal for our customer which will authenticate against Active Directory using LDAP over SSL and with the portal have the ability to change password if it has expired. I have managed to setup everything now except for the password reset which is giving me a headache. This is the message that's presented by the portal when i try to change the password even though the same password works when i change it on a PC instead of using the portal.
 
"Cannot complete password change because the password does not meet the password policy requirements. Check the minimum password length, password complexity, and password history requirements."
 
And below is the output of ldap debug on the ASA5510 the Portal is running on.
 
[473] Session Start
[473] New request Session, context 0xadbe760c, reqType = Modify Password
[473] Fiber started
[473] Creating LDAP context with uri=ldaps://x.x.x.x:3269
[473] Connect to LDAP server: ldaps://x.x.x.x:3269, status = Successful
[473] supportedLDAPVersion: value = 3

[code]....

View 5 Replies View Related

Cisco Wireless :: AIR-AP1142N-A-K9 Set To Factory Default But Enable Password Not Reset

Jan 17, 2012

I was trying to  do a password recovery on a 1142 AP  but  enable password did not reset  and I am stuck 
 
AP model is   AIR-AP1142N-A-K9
Running IOS  c1140-k9w7-mx.124-21a.JA1
 
Its autonomous so there is no controller.  I renamed the config.txt file I am unable to rename or delete the  private-config file. I get the message that file or directory cannot be found when i try to rename and permission denied when I try to  delete it.

View 12 Replies View Related

Cisco AAA/Identity/Nac :: 3845 - Enable Secret Password Missing In Configuration

Jun 23, 2011

Recently I came across a router (Cisco 3845,  IOS 12.4) configured for TACACS, one local username and an enable  password. Going through the configuration I noticed the router didn't  have an enable secret password which I thought was strange. The TACACS  config is below, comments regarding the  TACACS config and the consequences of not having an enable secret or if  there is a need for one.
 
aaa authentication login default group tacacs+                                  aaa authentication login no_tacacs enable                                       aaa authorization exec default group tacacs+                                    aaa authorization commands 1 default group tacacs+                              aaa authorization commands 15 default group tacacs+                             aaa accounting exec default start-stop group tacacs+                            aaa accounting commands 1 default start-stop group tacacs+                      aaa accounting commands 15 default start-stop group tacacs+                     aaa accounting network default start-stop group tacacs+

View 7 Replies View Related

Cisco Switching/Routing :: 3750 Switch - Lost Enable Password

May 2, 2013

I have lost the "ENABLE" password on my 3750 switch.

View 5 Replies View Related

Cisco VPN :: ASA5510 / AnyConnect Active Directory User Password Expiration?

May 20, 2012

I have a Cisco ASA5510 firewall that  has SSL Web VPN functionality and is utilizing AD Server as  Authentication server for users.However, we have a policy to change  password at certain point of time. Users in the office have no problem.  They just login their PC and change password. Users outside of office is  a pain when their password is expired. Is it posible for them to change  their AD password thru VPN using Cisco Anyconnect?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved