Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
381
Views
0
Helpful
1
Replies

ASDM Access and local username/PW

rtjensen4
Level 4
Level 4

‎05-08-2008 11:36 AM - edited ‎03-10-2019 03:50 PM

Ok, I happened upon this today and thought it was a bit weird. We have a pair of ASA5520 as our primary firewalls.

We are using EasyVPN,and the usernames authenticate via the local username / PW configured on the firewall. All of these usernames have Privilege 0, however, these usernames are able to log into the firewall via SSH, AND when I use one of them to log into ASDM, they can go in and make config changes. I don't like that.I'm sure you can see why... How do I make it so that only my level 15 priv username can get logged in via ASDM? I've looked into AAA command authorization, but I don't see how that would apply to ASDM access.

Firewall setup:

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authentication enable console LOCAL

username user password password priv 15

username user1 password password1 priv 0

username user2 password password2 priv 0

username user3 password password3 priv 0

Labels:
0 Helpful
1 Reply 1

Jagdeep Gambhir
Level 10
Level 10

‎05-08-2008 06:50 PM

To achieve this you need to enable authorization.

aaa authorization command LOCAL

Let me know if you have any questions.

Regards,

~JG

Do rate helpful posts

0 Helpful
Customers Also Viewed These Support Documents