I have two unrelated questions.
Background: I am running an ASA 5505, 8.0.4, using direct LDAP for VPN authentication. No RADIUS or TACACS+ server.
1. In regards to IM inspection, I have been able to configure my ASA to filter based on a particular username signing in to Yahoo IM. I set the action to log; however, whenever I log in using that account to test, the ASA drops the connection. It does not drop when using other usernames. I checked the policy setting and it keeps defaulting back to drop instead of log only. Is there any way around this to just log when a given username is used to sign in?
2. I am trying to set up my ASA so that I can control who logs in via SSH (ideally any management access) via LDAP. I can get the authentication to work, but I would like to restrict it to a given group or groups, the same way that I have the VPN set up to match an LDAP group. Is this possible, and how should I proceed?