I create a username on the ASA for the purpose of providing VPN access...
username vpnuser1 password <removed> encrypted privilege 0
username vpnuser1 attributes
group-lock value remoteaccess
Note that in the above, "remoteaccess" is the name of the VPN group policy.
It works fine and user can VPN. The problem is, that username ALSO works for logging in to the CLI which I do not want. How can this be fixed?