Community Member

PIX Local User Database and PIX login privilege

When we create a user in the local database of the PIX for VPN authentication purposes with privilege level 2, the user is able to log in to the PIX firewall and make changes.

How can we prevent this?

Thank you

3 REPLIES

Re: PIX Local User Database and PIX login privilege

You mean even if you changed the ENABLE password he/she can still get into privileged mode using their own password?

Try specifying the specific IP address that is the only one allowed to initiate telnet/ssh/http to the PIX, and automatically deny all others.

telnet xx.xx.xx.10 255.255.255.255 inside

http xx.xx.xx.10 255.255.255.255 inside

ssh xx.xx.xx.10 255.255.255.255 inside

It makes no difference if we use aaa authentication with the local database if their account can still get in, go into privileged mode and make changes, right?

Rgds,

AK

Community Member

Re: PIX Local User Database and PIX login privilege

This does not help much.

a) The user works from the LAN of the PIX, the same network from which the administrator has to log in to the PIX.

b) The aaa local authentication is already in use, and privilege level 2 gives the user write privileges.

Please give me the commands which will restrict the privilege level to only show commands on the PIX (as it works on routers).

Thanks
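The following configuration is an added example and is not part of any reply in this thread. It shows the mechanism the second post is asking for: on PIX 6.2 and later, privilege levels in the local database only take effect once command authorization is switched on with "aaa authorization command LOCAL"; until then any user who reaches enable mode can run everything. The account names, passwords and the exact list of show commands are placeholders, and the "privilege" command syntax is as documented for the PIX 6.x releases, so check it against the command reference for the image actually in use.

```cisco
! Added example, not from the original thread.
! Assumes PIX software 6.2 or later (needed for "aaa authorization command LOCAL"
! and the "privilege" command). "admin", "vpnuser" and the passwords are placeholders.
!
! 1. Create a full-privilege administrator FIRST. Enabling command authorization
!    without a level-15 local account locks every management session down to
!    level-0 commands, including the one you are typing in.
username admin password <admin-secret> privilege 15
!
! 2. The VPN user stays at privilege level 2 in the local database.
username vpnuser password <vpn-secret> privilege 2
!
! 3. Management logins (and enable) authenticate against the local database,
!    so the session is tied to the user's configured level instead of the
!    shared enable password.
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
!
! 4. Enforce privilege levels. By default almost every command sits at level 15,
!    so a level-2 user can run nothing but the handful of level-0 commands.
aaa authorization command LOCAL
!
! 5. Lower only the show commands the VPN user may run to level 2. Everything
!    not listed here (including "configure", "write", "clear") stays at 15.
privilege show level 2 command interface
privilege show level 2 command crypto
privilege show level 2 command logging
privilege show level 2 command running-config
!
! 6. Defense in depth from the first reply: still restrict the source addresses
!    that may open management sessions at all.
ssh xx.xx.xx.10 255.255.255.255 inside
telnet xx.xx.xx.10 255.255.255.255 inside
http xx.xx.xx.10 255.255.255.255 inside
```

To check it, log in as vpnuser over ssh: "show curpriv" should report current privilege level 2, the lowered show commands should work, and "configure terminal" should be refused with a command authorization failure, while the admin account retains full access. Note that if the firewall runs a later 7.x PIX/ASA image, the username attributes also offer a service type that blocks management logins for a VPN-only account outright; whether that is available depends on the release, so treat it as something to confirm in that image's command reference rather than as part of this example.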

Re: PIX Local User Database and PIX login privilege
