I was setting up a new ASA the other day and ran into a problem that drove me nuts. I’ve configured local access on tons of switches and routers, but this is the first time I had to configure access to a firewall from scratch. I thought I would share my experiences in case anyone else ran into the same problem.
I went through all the standard steps to set up SSH on the ASA.
ASA# conf t
ASA(config)# hostname {hostname}
newasa(config)# domain-name {domain}
newasa(config)# crypto key generate rsa modulus 2048
newasa(config)# ssh 0.0.0.0 0.0.0.0 inside
(This will allow any IP on your inside interface to access the ASA. For security purposes, I would tighten this down. You can repeat this command multiple times if you need to define 3 or 4 non-contiguous IPs for access to the ASA.)
newasa(config)# ssh version 2
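Next, I added a user.
newasa(config)# username {myuser} password {mypassword} privilege 15
(Type the password in plain text and leave off the encrypted keyword. The ASA hashes the password when it saves it and shows the encrypted keyword in the running config; add the keyword yourself only when pasting an already-hashed value.)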
Don’t forget to update the default enable password.
newasa(config)# enable password {password}
Now the most important part, actually the part that got me. You have to set up aaa authentication so that SSH logins are checked against the local users. If that isn’t set up, the ASA will continue to deny access.
newasa(config)# aaa authentication ssh console LOCAL
And strangely enough, I typed local instead of LOCAL and it didn’t like it. So be sure to type LOCAL in all uppercase letters.
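As an added example (not part of the original post and not Cisco tooling), the script below checks a saved running-config for the steps above: it flags a missing aaa authentication ssh console line, which is the omission that blocks logins, and any ssh permit line left open to 0.0.0.0 0.0.0.0. The sample config, the function name audit_asa_ssh and the finding codes are constructed for illustration.

```python
import re

# Constructed sample config (not from a real device); hashes are placeholders.
SAMPLE_CONFIG = """\
hostname newasa
domain-name example.com
enable password HASH-PLACEHOLDER encrypted
username admin password HASH-PLACEHOLDER encrypted privilege 15
ssh 0.0.0.0 0.0.0.0 inside
ssh 192.168.10.0 255.255.255.0 inside
ssh version 2
"""

SSH_PERMIT = re.compile(r"^ssh (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)$")


def audit_asa_ssh(config):
    """Return (code, detail) findings for the SSH steps described in the post."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []

    # The step that caused the lockout: SSH must authenticate against LOCAL.
    aaa = [ln for ln in lines if ln.startswith("aaa authentication ssh console ")]
    if not aaa:
        findings.append(("NO_AAA_SSH", "no 'aaa authentication ssh console' line"))
    elif not any(ln.split()[-1] == "LOCAL" for ln in aaa):
        findings.append(("AAA_NOT_LOCAL", "SSH auth does not reference LOCAL"))

    if not any(re.match(r"^username \S+ password \S+", ln) for ln in lines):
        findings.append(("NO_LOCAL_USER", "no local username defined"))

    permits = [m for m in map(SSH_PERMIT.match, lines) if m]
    if not permits:
        findings.append(("NO_SSH_PERMIT", "no 'ssh <ip> <mask> <interface>' line"))
    for m in permits:
        if m.group(2) == "0.0.0.0":  # mask 0.0.0.0 matches every source address
            findings.append(("SSH_ANY_SOURCE", f"any address may SSH via {m.group(3)}"))

    if "ssh version 2" not in lines:
        findings.append(("NO_SSH_V2", "'ssh version 2' not present"))
    return findings


if __name__ == "__main__":
    for code, detail in audit_asa_ssh(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```

Run against the output of show running-config saved to a file; an empty result means every step from this post is present and no SSH permit line is open to all sources.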
