Cisco ASA Firewall Authentication
Summary: Collected information on Cisco ASA firewall authentication.
Date: Around 2017
Refactor: 20 February 2025: Checked links and formatting.
This page collects information about Cisco authentication on an ASA firewall, and it is an add-on to the Cisco Radius Authentication on Active Directory 2008 article.
All commands assume you have already logged on to the ASA with privilege level 15 access and are already in configuration mode (conf t).
Basic Cisco Configuration
To successfully configure the firewall, start with the basic administration settings of the ASA: the hostname, the domain name and the name server:
hostname firewall
ip domain-name company.local
ip name-server 10.10.10.53
Local User
Create a local user with privilege 15. This user is the fallback when RADIUS authentication fails. (The username must be at least 4 characters.) On the ASA the password is given before the privilege level:
username ict_bhr password <password> privilege 15
Authentication Configuration
Configure AAA security services (authentication, authorization, and accounting) on the ASA to support the RADIUS security protocol.
Configure the authentication methods. Listing the server group first and LOCAL second means the ASA tries RADIUS first and only consults the local user database when the RADIUS servers are unreachable, not when they reject the credentials:
aaa-server Cisco protocol radius
aaa-server Cisco (management) host 10.10.10.100
 key <password>
 radius-common-pw <password>
aaa authentication enable console Cisco LOCAL
aaa authentication http console Cisco LOCAL
aaa authentication ssh console Cisco LOCAL
aaa authorization command LOCAL
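The properties the two sections above rely on (a local privilege-15 user, a defined RADIUS server group with a host, and a LOCAL fallback on every console method list) are easy to get wrong by hand and lock you out when the RADIUS server is down. The following Python script is an added example, not part of the original page or of any Cisco tool: it audits a saved running-config for exactly those properties. The sample config embedded in it is constructed from the commands on this page (the group name Cisco, the addresses and the <password> placeholder are taken from the page, not from a real device), with the ssh method list deliberately missing its LOCAL fallback so the audit has something to report.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of an ASA running-config in the shape built on this page.
# The ssh line deliberately lacks the LOCAL fallback.
SAMPLE_CONFIG = """\
hostname firewall
username ict_bhr password <password> privilege 15
aaa-server Cisco protocol radius
aaa-server Cisco (management) host 10.10.10.100
 key <password>
 radius-common-pw <password>
aaa authentication enable console Cisco LOCAL
aaa authentication http console Cisco LOCAL
aaa authentication ssh console Cisco
aaa authorization command LOCAL
"""

# The same config with the ssh method list corrected.
GOOD_CONFIG = SAMPLE_CONFIG.replace(
    "aaa authentication ssh console Cisco\n",
    "aaa authentication ssh console Cisco LOCAL\n",
)

# The handful of statements the audit looks at.
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)(?: (LOCAL))?$")
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \(\S+\) host (\S+)$")
USER_RE = re.compile(r"^username (\S+) password .*privilege (\d+)$")

# Management services whose method list should name the RADIUS group and LOCAL.
EXPECTED_SERVICES = ("enable", "http", "ssh")


def audit_asa_aaa(config: str) -> List[str]:
    """Return human-readable findings for a running-config text.

    Checks: at least one local privilege-15 user exists, every console
    method list names a defined RADIUS group that has a host, and every
    method list ends in LOCAL. An empty list means the config passes."""
    groups: Dict[str, str] = {}          # group name -> protocol
    hosts: Dict[str, List[str]] = {}     # group name -> server addresses
    priv15_users: List[str] = []
    method_lists: List[Tuple[str, str, str]] = []  # (service, group, fallback)

    for raw in config.splitlines():
        line = raw.strip()
        if m := GROUP_RE.match(line):
            groups[m.group(1)] = m.group(2)
        elif m := HOST_RE.match(line):
            hosts.setdefault(m.group(1), []).append(m.group(2))
        elif m := USER_RE.match(line):
            if int(m.group(2)) == 15:
                priv15_users.append(m.group(1))
        elif m := AUTH_RE.match(line):
            method_lists.append((m.group(1), m.group(2), m.group(3) or ""))

    findings: List[str] = []
    if not priv15_users:
        findings.append("no local privilege-15 user: no way in if RADIUS is down")

    seen = set()
    for service, group, fallback in method_lists:
        seen.add(service)
        if group == "LOCAL":
            findings.append(f"{service}: authenticates against LOCAL only, RADIUS is not used")
            continue
        if group not in groups:
            findings.append(f"{service}: server group '{group}' is not defined")
        elif groups[group] != "radius":
            findings.append(f"{service}: server group '{group}' is not a RADIUS group")
        elif not hosts.get(group):
            findings.append(f"{service}: server group '{group}' has no host")
        if fallback != "LOCAL":
            findings.append(f"{service}: no LOCAL fallback after '{group}'")

    for service in EXPECTED_SERVICES:
        if service not in seen:
            findings.append(f"{service}: no 'aaa authentication {service} console' line")
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("corrected", GOOD_CONFIG)):
        print(f"{name}: {audit_asa_aaa(cfg) or ['OK']}")
```

Run it against the output of show running-config saved to a file; it does not talk to the device itself, so it cannot tell you whether the RADIUS server actually answers, only whether the fallback chain is configured the way this page intends.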
Authentication Prompt and Banners
Set a banner stating that all actions, logins etc. will be logged. The ASA has different banners (exec, login and asdm), so the same text is configured for each:
banner exec ***************************************************************************
banner exec NOTICE TO USERS
banner exec This computer system is the private property of getshifting.com, whether
banner exec individual, corporate or government. It is for authorized use only.
banner exec Users (authorized or unauthorized) have no explicit or implicit
banner exec expectation of privacy.
banner exec Any or all uses of this system and all files on this system may be
banner exec intercepted, monitored, recorded, copied, audited, inspected, and
banner exec disclosed to your employer, to authorized site, government, and law
banner exec enforcement personnel, as well as authorized officials of government
banner exec agencies, both domestic and foreign.
banner exec By using this system, the user consents to such interception, monitoring,
banner exec recording, copying, auditing, inspection, and disclosure at the
banner exec discretion of such personnel or officials. Unauthorized or improper use
banner exec of this system may result in civil and criminal penalties and
banner exec administrative or disciplinary action, as appropriate. By continuing to
banner exec use this system you indicate your awareness of and consent to these terms
banner exec and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
banner exec conditions stated in this warning.
banner exec ****************************************************************************
banner login ***************************************************************************
banner login NOTICE TO USERS
banner login This computer system is the private property of getshifting.com, whether
banner login individual, corporate or government. It is for authorized use only.
banner login Users (authorized or unauthorized) have no explicit or implicit
banner login expectation of privacy.
banner login Any or all uses of this system and all files on this system may be
banner login intercepted, monitored, recorded, copied, audited, inspected, and
banner login disclosed to your employer, to authorized site, government, and law
banner login enforcement personnel, as well as authorized officials of government
banner login agencies, both domestic and foreign.
banner login By using this system, the user consents to such interception, monitoring,
banner login recording, copying, auditing, inspection, and disclosure at the
banner login discretion of such personnel or officials. Unauthorized or improper use
banner login of this system may result in civil and criminal penalties and
banner login administrative or disciplinary action, as appropriate. By continuing to
banner login use this system you indicate your awareness of and consent to these terms
banner login and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
banner login conditions stated in this warning.
banner login ****************************************************************************
banner asdm ***************************************************************************
banner asdm NOTICE TO USERS
banner asdm This computer system is the private property of getshifting.com, whether
banner asdm individual, corporate or government. It is for authorized use only.
banner asdm Users (authorized or unauthorized) have no explicit or implicit
banner asdm expectation of privacy.
banner asdm Any or all uses of this system and all files on this system may be
banner asdm intercepted, monitored, recorded, copied, audited, inspected, and
banner asdm disclosed to your employer, to authorized site, government, and law
banner asdm enforcement personnel, as well as authorized officials of government
banner asdm agencies, both domestic and foreign.
banner asdm By using this system, the user consents to such interception, monitoring,
banner asdm recording, copying, auditing, inspection, and disclosure at the
banner asdm discretion of such personnel or officials. Unauthorized or improper use
banner asdm of this system may result in civil and criminal penalties and
banner asdm administrative or disciplinary action, as appropriate. By continuing to
banner asdm use this system you indicate your awareness of and consent to these terms
banner asdm and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
banner asdm conditions stated in this warning.
banner asdm ****************************************************************************
auth-prompt prompt Please enter your network credentials.
auth-prompt accept Access Granted
auth-prompt reject REJECTED - User and/or Password
Check and Close
Now check the configuration, and only write the configuration to the Cisco device if you can log in successfully and everything is correct. Keep the current session open and test the login from a second session, so a mistake in the AAA configuration does not lock you out. Then save and leave configuration mode:
write
exit