Hi all. I have enabled SSH as a form of remote access to my ASA 5510. However, I notice that user accounts that were added to my ASA 5510 for VPN purposes are able to access my firewall using SSH as well. Is it possible to restrict SSH access to the firewall to specific users only? Can I configure that using ASDM?
If both are using the local database (SSH and VPN) I don't think you can restrict based on any particular user. However, you can restrict management access based on IP addresses, so just add the NetOps/SecOps IPs. Also, VPN users can be restricted using the vpn-filter command AFAIR. Even if they log on to the level 1 prompt, they would still require the enable password to cause severe damage (but this is still bad for security anyway).
The best approach is to use an external AAA server.
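The restrictions mentioned in the reply above, sketched as ASA CLI. This is an added example, not configuration from either poster: all addresses, user names, ACL names and group-policy names are constructed, and the `service-type` lines go beyond what the reply mentions and assume an ASA software release that supports per-user service types.

```cisco
! Constructed addresses and names; adjust to your environment.

! 1. Accept SSH only from the NetOps/SecOps management subnet (inside interface).
!    Remove any broad entry first if one is present.
no ssh 0.0.0.0 0.0.0.0 outside
ssh 192.0.2.0 255.255.255.0 inside
ssh timeout 10

! 2. Authenticate SSH against the local database and enforce the
!    per-user service-type at login (assumption: release supports this).
aaa authentication ssh console LOCAL
aaa authorization exec LOCAL

! Administrator account: allowed management access.
username netadmin attributes
 service-type admin

! VPN-only account: may authenticate for remote-access VPN,
! but is refused at the SSH/ASDM/console login.
username vpnuser1 attributes
 service-type remote-access

! 3. Limit what VPN users can reach through the tunnel with vpn-filter.
!    Here the VPN pool 10.10.10.0/24 may reach only HTTPS on 10.20.0.0/24.
access-list VPN-USERS-FILTER extended permit tcp 10.10.10.0 255.255.255.0 10.20.0.0 255.255.255.0 eq 443
group-policy VPN-USERS internal
group-policy VPN-USERS attributes
 vpn-filter value VPN-USERS-FILTER
```

After applying it, test an SSH login with a VPN-only account from an allowed management address and confirm it is rejected before relying on the setting.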
This is actually a pretty cool feature. I didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk) only if a certain condition existed. This is exactly what conditional advertisement does.
I have a question: I bought a Cisco 887VA-k9 router and configured it with the configuration below.
If I connect it directly to my laptop on one of its ports, it works and everything is fine (the internet connection + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.