two questions: IM inspection and SSH access via LDAP

Aug 30th, 2008

I have two unrelated questions.

Background: I am running an ASA 5505, 8.0.4, using direct LDAP for VPN authentication. No RADIUS or TACACS+ server.

1. In regards to IM inspection, I have been able to configure my ASA to filter based on a particular user name signing in to Yahoo IM. I set the action to log; however, whenever I log in using that account to test, the ASA drops the connection. It does not drop when using other usernames. I checked the policy setting and it keeps defaulting back to drop instead of log only. Any way around this to just log when a given username is used to sign in?

2. I am trying to set up my ASA so that I can control who logs in via SSH (ideally any management access) via LDAP. I can get the authentication to work, but I would like to restrict it to a given group or groups, the same way that I have the VPN set up to match an LDAP group. Is this possible and how should I proceed?

Marwan ALshawi Mon, 09/01/2008 - 02:42
Can you post your config for the first question?

Then we can find if there is an error in the config or not.

