24. April 2014 · Creating Read-Only User Accounts on Cisco ASA5500 · Categories: Cisco

All users configured on the ASA are assigned a privilege level. This privilege level is specified when configuring the username as follows:

hostname(config)# username name password password privilege priv_level

The privilege level can be any value from 0 (least permissive) to 15 (most permissive), with 2 being the default. Do note that if you want to grant the user access to privileged EXEC mode, you should use the range from 2 to 15. For the purpose of assigning read-only access to a user, we will use a privilege level of 5.

AAA refers to authentication, authorization and accounting. It allows us to authenticate who the user is, authorize what that user is allowed to do, and then keep an accounting record showing what that user has done. In order to create a read-only user account, we need to define which commands the user should be granted access to. This requires knowledge of who the user is, so we first need to ensure that user authentication is configured.

To enable AAA authentication, use the following command:


07. August 2012 · Recovering Passwords for the ASA 5500 Series Adaptive Security Appliance · Categories: Cisco

To recover passwords for the ASA, perform the following steps:

Step 1 Connect to the ASA console port according to the instructions in the “Accessing the Appliance Command-Line Interface” section.

Step 2 Power off the ASA, and then power it on.

Step 3 After startup, press the Escape key when you are prompted to enter ROMMON mode.

Step 4 To update the configuration register value, enter the following command:

rommon #1> confreg 0x41

Update Config Register (0x41) in NVRAM…

Step 5 To set the ASA to ignore the startup configuration, enter the following command:

rommon #1> confreg
