HTTP ASDM access

Answered Question
Nov 7th, 2008
User Badges:
  • Purple, 4500 points or more

Is there a way to secure the access for ASDM after a user logs in?


For example:


ssh to public address prompts username and then a password for the enable


http doesn't. You can log into the ASDM with the local username and apply any change you want without using any other authentication. I'm assuming that the ASDM uses elevated authentication? Is there a way around this?


Thanks,


John

Correct Answer by Jagdeep Gambhir about 8 years 8 months ago

John,

You need to use command authorization using tacacs or you can also setup local user with different access rights.


With TACACS


http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml



http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1042034



Regards,

~JG


Do rate helpful posts

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Jagdeep Gambhir Fri, 11/07/2008 - 12:46
User Badges:
  • Red, 2250 points or more

John,

You need to use command authorization using tacacs or you can also setup local user with different access rights.


With TACACS


http://cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml



http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/mgaccess.html#wp1042034



Regards,

~JG


Do rate helpful posts

Actions

This Discussion