We just migrated from 3.3 something to 4.0 a few weeks ago. On the old system, we had two administrative users: administrator (with full rights) and hd (with rights only to see logged in users and failed attempts). After the conversion, and moving to a new server, all of which worked flawlessly, the administrator user works fine. However, the hd user gets a "login failed" every time someone tries to log in, even with a good password. (I've reset the password to easy things, removed the password, etc.)
Also, if I edit the hd user, and click on "Grant All" for access, hd can log in. I've tried going through the items a few at a time to see if there is one that can be turned on and allow it to work, but haven't found one, and it's extremely time-consuming to go through attributes one at a time, log out, and log back in to troubleshoot. This happens with a brand new administrator as well - if it hasn't got full rights, it can't og in.
The administration audit log is not very helpful, only listing:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...