Is there a way to allow users WebVPN (SSL) access through the ASA (8.2.1) without allowing them to connect via ASDM, SSH, Telnet or CLI? I would like to prevent my VPN users from accessing the configuration of the firewall.
I see in ASDM that there's some wording about 'this is effective only if AAA authenticate console command is configured' but I don't understand what it's explaining.
Thanks in advance,
You can restrict local users with the following:
You need the aaa authenticate console commands because when it's not defined you can come in as the default username (pix) or no username at all and the enable password (in the case of ASDM). If there is no username sent, then we obviously can't check for the "service-type" option in the username attributes. Here is some more information about the "aaa authenticate console" command:
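The following configuration is an added example, not part of the original answer, showing how the `service-type` username attribute and console authentication described above fit together on the ASA CLI. The username `vpnuser1` and the password placeholder are hypothetical, and the `aaa authorization exec` line is an assumption taken from Cisco's management-authorization procedure rather than from this thread.

```cisco
! Added example (not from the original post).
! Require a username on every management path, so the ASA has a
! user record whose service-type it can evaluate.
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL

! Assumption: management authorization enabled so the service-type
! attribute is enforced for management sessions.
aaa authorization exec authentication-server

! Hypothetical VPN-only account. "remote-access" permits VPN/WebVPN
! logins but denies the services covered by the console
! authentication commands above (SSH, Telnet, ASDM).
username vpnuser1 password <PLACEHOLDER_PASSWORD> privilege 0
username vpnuser1 attributes
 service-type remote-access
```

To check the result, confirm with `show running-config aaa` and `show running-config username` that the lines are present, then verify that the VPN-only account is refused on SSH and ASDM while an administrator account still logs in.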