On a temp basis I've created a LOCAL username database on the ASA to authenticate inbound VPN client connections - this works fine. However, I notice that these same usernames/passwords can be used to log in to the ASA - not what I desire. How do I correct this? I set the priv level to 0 for all users, but that did not help.
Any users created in the local database can still log in to your ASA. But you can control/limit their access using command authorization/local command authorization, where they are not able to enter privileged mode.
Set the command authorization for all VPN users based on their priv level (default priv level 2).
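An added example, not part of the original thread and not Cisco tooling: a Python check over a saved `show running-config` that lists local users with their privilege levels and flags non-admin accounts that the approach in the answer above would not restrict. The sample config is constructed, and the `admins` allow-list, the function names and the `max_vpn_level` parameter are assumptions.

```python
DEFAULT_PRIVILEGE = 2  # level a local user gets when none is configured

# Constructed running-config excerpt; password hashes are placeholders.
SAMPLE_CONFIG = """\
username admin password PLACEHOLDER1 encrypted privilege 15
username vpnuser1 password PLACEHOLDER2 encrypted privilege 2
username vpnuser2 password PLACEHOLDER3 encrypted
username helpdesk password PLACEHOLDER4 encrypted privilege 15
username vpnuser1 attributes
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
"""

def parse_local_users(config):
    """Return {username: privilege level} from 'username ...' definition lines."""
    users = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "username":
            continue
        rest = parts[2:]
        if "password" not in rest and "nopassword" not in rest:
            continue  # skips sub-mode lines such as 'username NAME attributes'
        level = DEFAULT_PRIVILEGE
        if "privilege" in rest[:-1]:
            level = int(rest[rest.index("privilege") + 1])
        users[parts[1]] = level
    return users

def local_command_authorization(config):
    """True if 'aaa authorization command ... LOCAL' is present."""
    return any(
        line.split()[:3] == ["aaa", "authorization", "command"]
        and "LOCAL" in line.split()[3:]
        for line in config.splitlines()
    )

def audit(config, admins, max_vpn_level=2):
    """Flag non-admin local users whose access is not limited by privilege level."""
    enforced = local_command_authorization(config)
    findings = []
    for name, level in sorted(parse_local_users(config).items()):
        if name in admins:
            continue
        if not enforced:
            findings.append((name, "local command authorization is off"))
        elif level > max_vpn_level:
            findings.append((name, f"privilege {level} exceeds {max_vpn_level}"))
    return findings
```

Before enabling local command authorization on a live device, confirm that at least one level 15 account remains, otherwise administrators can be locked out of configuration commands.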
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...