Ok, I happened upon this today and thought it was a bit weird. We have a pair of ASA5520 as our primary firewalls.
We are using EasyVPN, and the usernames authenticate via the local username / PW configured on the firewall. All of these usernames have Privilege 0; however, these usernames are able to log into the firewall via SSH, AND when I use one of them to log into ASDM, they can go in and make config changes. I don't like that. I'm sure you can see why... How do I make it so that only my level 15 priv username can get logged in via ASDM? I've looked into AAA command authorization, but I don't see how that would apply to ASDM access.
! Management-plane authentication: ASDM (http), SSH and enable all use the local user database
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
! Local users: one administrator at privilege 15, the EasyVPN users at privilege 0
username user password password privilege 15
username user1 password password1 privilege 0
username user2 password password2 privilege 0
username user3 password password3 privilege 0
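The behaviour in the question is expected with only "aaa authentication ... console LOCAL" configured: authentication answers "is this a valid local user?", and nothing in the posted config asks "is this user allowed a management session at all?". The privilege level is only consulted once command authorization is turned on, and the service-type attribute of a local user is only enforced once exec authorization is turned on. The following is an added hardening example, not part of the original post or of anyone's reply in the thread; it reuses the usernames from the question and assumes an ASA release that supports "aaa authorization exec LOCAL" and the "service-type" user attribute (8.0(2) and later).

```cisco
! Added example: restrict ASDM/SSH management access to the privilege-15 admin
! and keep the EasyVPN users as VPN-only accounts. Not from the original post.
! Assumes the LOCAL database is the only management AAA server, as in the question.

aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL

! Exec authorization makes the ASA enforce each local user's service-type before
! granting an ASDM, SSH or console session. Without this line the service-type
! attribute below is stored but ignored.
aaa authorization exec LOCAL

! Command authorization ties the CLI to the user's privilege level, so even a
! user who reaches a prompt at level 0 cannot enter configuration mode.
aaa authorization command LOCAL

! Administrator: full management access (admin is also the default service-type,
! shown here explicitly so the intent survives a config review).
username user password password privilege 15
username user attributes
 service-type admin

! EasyVPN users: remote-access means "VPN sessions only, no management access".
! With exec authorization enabled, an ASDM or SSH login by these users is rejected.
username user1 password password1 privilege 0
username user1 attributes
 service-type remote-access
username user2 password password2 privilege 0
username user2 attributes
 service-type remote-access
username user3 password password3 privilege 0
username user3 attributes
 service-type remote-access
```

Apply this from a console session or a second SSH session you keep open, confirm with "show running-config aaa" and "show running-config username" that the admin account still carries "service-type admin", and then test an ASDM login as user1 before saving; if the authorization lines are entered before the admin's attributes are correct, you can lock yourself out of remote management. If some VPN users also need read-only CLI access, "service-type nas-prompt" grants a CLI session governed by the privilege level without granting ASDM access.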