I want to restrict CLI access to our ASA 5510 to one Active Directory group. Currently the ASA authenticates against our LDAP/AD server, and anyone in the organization can log into the ASA using HyperTerminal (enable password is another matter, however).
How can I narrow such access to only our IT group, which has its own AD container?
Thanks for the help on this. What I've done is to remove AD/RADIUS authentication entirely from ASA login (ASDM, Telnet, SSH), going strictly with LOCAL accounts. This ensures run-of-the-mill users can't sign into the ASA over the network, and continues access in case my AD server goes down and I need to get into the ASA.