Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

two questions: IM inspection and SSH access via LDAP

I have two unrelated questions

background: I am running an asa 5505, 8.0.4, using direct LDAP for vpn authentication. no radius or tacacs+ server

1. in regards to IM inspection, I have been able to configure my ASA to filter based on a particular user name signing in to yahoo im. I set the action to log, however whenever I login using that account to test, the ASA drops the connection. It does not drop when using other usernames. I checked the policy setting and it keeps defaulting back to drop instead of log only. any way around this to just log when a given username is used to sign in?

2. I am trying to set up my asa so that I can control who logs in via ssh(ideally any management access) via ldap. I can get the authentication to work, but I would like to restrict it to a given group or group, the same way that I have the VPN set up to match an ldap group. Is this possible and how should i proceed?


Re: two questions: IM inspection and SSH access via LDAP

can u post ur config for the first question

then we can find if there is an error in the config or not