Cisco Support Community

ASA5510 AAA LOCAL Login

On a temp basis I've created a LOCAL username database on the ASA to authenticate inbound VPN client connections - this works fine. However, I notice that these same username/passwords can be used to log in to the ASA - not what I desire. How do I correct this? I set the priv level to 0 for all users, but that did not help.

2 REPLIES

Re: ASA5510 AAA LOCAL Login

Any users created in the local database can still log in to your ASA. But you can control/limit their access using command authorization/local command authorization where they are not able to enter privileged mode.

Set the command authorization to all VPN users based on their priv level (default priv level 2).

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008063be93.html#wp1062044

http://www.cisco.com/en/US/partner/products/ps6120/products_configuration_guide_chapter09186a008063b3fc.html#wp1042034

Pls rate all useful post(s)

AK
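
A sketch of the local command authorization setup the reply above describes, added here as an example and not taken from the thread or from Cisco's guides. The user names and the password placeholders are constructed, and SSH is assumed to be the management access method.

```cisco
! Constructed example: names and <...> values are placeholders.
!
! Keep a level-15 administrator in the LOCAL database before turning on
! command authorization, so that someone can still reach configuration mode.
username admin password <ADMIN-PASSWORD> privilege 15
!
! VPN-only account at level 0 (a new username defaults to level 2).
! Setting the level alone changes nothing until command authorization
! is enabled below.
username vpnuser1 password <VPN-PASSWORD> privilege 0
!
! Management logins are checked against the LOCAL database.
aaa authentication ssh console LOCAL
!
! "enable" asks for the user's own LOCAL password and grants that user's
! privilege level, instead of relying on a shared enable password.
aaa authentication enable console LOCAL
!
! Enforce the privilege level of each user for every command entered.
aaa authorization command LOCAL
```

After applying it, log in as the VPN account and run `show curpriv` to confirm the session is held at level 0; the account can still authenticate to the ASA, as the reply states, but is confined to the commands assigned to its level.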
