Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bronze

ASDM Access and local username/PW

Ok, I happened upon this today and thought it was a bit weird. We have a pair of ASA5520 as our primary firewalls.

We are using EasyVPN,and the usernames authenticate via the local username / PW configured on the firewall. All of these usernames have Privilege 0, however, these usernames are able to log into the firewall via SSH, AND when I use one of them to log into ASDM, they can go in and make config changes. I don't like that.I'm sure you can see why... How do I make it so that only my level 15 priv username can get logged in via ASDM? I've looked into AAA command authorization, but I don't see how that would apply to ASDM access.

Firewall setup:

aaa authentication http console LOCAL

aaa authentication ssh console LOCAL

aaa authentication enable console LOCAL

username user password password priv 15

username user1 password password1 priv 0

username user2 password password2 priv 0

username user3 password password3 priv 0

1 REPLY

Re: ASDM Access and local username/PW

To achieve this you need to enable authorization.

aaa authorization command LOCAL

Let me know if you have any questions.

Regards,

~JG

Do rate helpful posts

186
Views
0
Helpful
1
Replies
CreatePlease to create content