Solved: asa full access at priviledge level 0

Anatoly Fanrus · ‎10-22-2014

Hello,

help me pls, i get stuck,

when i connect to ASA (9.1.2) over ssh and logged under username "test" i can access priviledge 15 level??!!!

The same configuration on the another ASA (8.4) works ok.

How to limit that user only vpn access?

Here is configuration and

WS-SVC-ASA-SM1 / ASA 9.1.2

aaa authentication enable console LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL

username test password <***> encrypted privilege 0

username test attributes
service-type remote-access

Thanks in advance

Vibhor Amrodia · ‎10-22-2014

Hi,

I don't see any authorization commands configured on the ASA device. You would need that and privilege command for what you want that user privilege level user to access.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/access_management.html#wp1418140

Thanks and Regards,

Vibhor Amrodia

View solution in original post

Vibhor Amrodia · ‎10-22-2014

Hi,

I don't see any authorization commands configured on the ASA device. You would need that and privilege command for what you want that user privilege level user to access.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/access_management.html#wp1418140

Thanks and Regards,

Vibhor Amrodia