ASDM Access and local username/PW

Unanswered Question
May 8th, 2008

Ok, I happened upon this today and thought it was a bit weird. We have a pair of ASA5520 as our primary firewalls.

We are using EasyVPN, and the usernames authenticate via the local username / PW configured on the firewall. All of these usernames have Privilege 0; however, these usernames are able to log into the firewall via SSH, AND when I use one of them to log into ASDM, they can go in and make config changes. I don't like that. I'm sure you can see why... How do I make it so that only my level 15 priv username can get logged in via ASDM? I've looked into AAA command authorization, but I don't see how that would apply to ASDM access.


Firewall setup:

aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL

username user password password priv 15
username user1 password password1 priv 0
username user2 password password2 priv 0
username user3 password password3 priv 0


Jagdeep Gambhir Thu, 05/08/2008 - 18:50

To achieve this you need to enable authorization.


aaa authorization command LOCAL


Let me know if you have any questions.


Regards,

~JG


Do rate helpful posts
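
A config check for the situation discussed in this thread, as an added example that is not part of either post or of any Cisco tooling: it reads ASA configuration text and lists the local accounts below privilege 15 when LOCAL authentication is enabled on a management channel but `aaa authorization command LOCAL` is absent. The function name `audit`, the result keys and the sample config (constructed from the firewall setup in the question) are assumptions of the example.

```python
import re

# Constructed sample: the firewall setup quoted in the question above.
SAMPLE_CONFIG = """\
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
username user password password priv 15
username user1 password password1 priv 0
username user2 password password2 priv 0
username user3 password password3 priv 0
"""

# Login channels of interest; "http" is the channel ASDM uses.
MGMT = {"http", "ssh", "telnet", "serial"}
AUTHN_RE = re.compile(r"^aaa authentication (\S+) console\b.*\bLOCAL\b")
AUTHZ_RE = re.compile(r"^aaa authorization command LOCAL\b")
USER_RE = re.compile(r"^username\s+(\S+)\s+(?:password|nopassword)\b(.*)$")
PRIV_RE = re.compile(r"\bpriv(?:ilege)?\s+(\d+)")  # accepts the abbreviated form too


def audit(config: str, admin_level: int = 15) -> dict:
    """Flag local users below admin_level that can authenticate on a
    management channel while local command authorization is not configured."""
    channels, users, authz = set(), {}, False
    for raw in config.splitlines():
        line = raw.strip()
        if m := AUTHN_RE.match(line):
            channels.add(m.group(1))
        elif AUTHZ_RE.match(line):
            authz = True
        elif m := USER_RE.match(line):
            p = PRIV_RE.search(m.group(2))
            # No explicit level on the line: recorded as None and still flagged.
            users[m.group(1)] = int(p.group(1)) if p else None
    mgmt = sorted(channels & MGMT)
    low = sorted(u for u, lvl in users.items() if lvl is None or lvl < admin_level)
    return {
        "mgmt_channels": mgmt,
        "command_authorization": authz,
        "unrestricted_users": low if (mgmt and not authz) else [],
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```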
