31-20
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 31 Configuring AAA Servers and the Local Database
Adding a User Account
• Full Access (ASDM, Telnet, SSH and console)—If you configure authentication for management
access using the local database (see the “Configuring Authentication for CLI, ASDM, and enable
command Access” section on page 32-11), then this option lets the user use ASDM, SSH, Telnet,
and the console port. If you also configure enable authentication, then the user can access global
configuration mode.
– Privilege Level—Selects the privilege level for this user to use with local command
authorization. The range is 0 (lowest) to 15 (highest). See the “Configuring Command
Authorization” section on page 32-13 for more information.
• CLI login prompt for SSH, Telnet and console (no ASDM access)—If you configure
authentication for management access using the local database (see the “Configuring Authentication
for CLI, ASDM, and enable command Access” section on page 32-11), then this option lets the user
use SSH, Telnet, and the console port. The user cannot use ASDM for configuration (if you
configure HTTP authentication). ASDM monitoring is allowed. If you also configure enable
authentication, then the user cannot access global configuration mode.
• No ASDM, SSH, Telnet, or console access—If you configure authentication for management
access using the local database (see the “Configuring Authentication for CLI, ASDM, and enable
command Access” section on page 32-11), then this option disallows the user from accessing any
management access method for which you configured authentication (excluding the Serial option;
serial access is allowed).
Step 8 If you want to configure VPN policy attributes for this user, see the “Configuring VPN Policy Attributes
for a User” section on page 31-20.
Step 9 Click Apply.
The user is added to the local adaptive security appliance database, and changes are saved to the running
configuration.
Note To configure the enable password from the User Accounts pane (see the “Configuring the Hostname,
Domain Name, and Passwords” section on page 9-1), change the password for the enable_15 user. The
enable_15 user is always present in this pane, and represents the default username. This method of
configuring the enable password is the only method available in ASDM for the system configuration. If
you configured other enable level passwords at the CLI (enable password 10, for example), then those
users are listed as enable_10, and so on.
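The following added example (not part of the Cisco guide) audits a saved running configuration for local users who combine Full Access with a high privilege level, mapping the CLI service-type keyword back to the three access options above. It assumes the ASA CLI username and service-type syntax and the CLI defaults of privilege 2 and service-type admin, none of which appear on this page; the sample configuration and function names are constructed for illustration.

```python
import re

# Constructed sample of ASA running-config user lines (not from the guide).
SAMPLE_CONFIG = """\
username admin1 password HASH-PLACEHOLDER encrypted privilege 15
username ops1 password HASH-PLACEHOLDER encrypted privilege 5
username ops1 attributes
 service-type nas-prompt
username vpnonly password HASH-PLACEHOLDER encrypted
username vpnonly attributes
 service-type remote-access
username svc1 password HASH-PLACEHOLDER encrypted
"""

# CLI service-type keyword -> ASDM access option described on this page.
ACCESS = {
    "admin": "Full Access (ASDM, Telnet, SSH and console)",
    "nas-prompt": "CLI login prompt for SSH, Telnet and console (no ASDM access)",
    "remote-access": "No ASDM, SSH, Telnet, or console access",
}

def parse_users(config):
    """Return {username: {"privilege": int, "service_type": str}}."""
    users, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"username (\S+) (?:password|nopassword)\b(.*)", line):
            priv = re.search(r"\bprivilege (\d+)", m.group(2))
            # Assumed CLI defaults: privilege 2, service-type admin.
            users[m.group(1)] = {"privilege": int(priv.group(1)) if priv else 2,
                                 "service_type": "admin"}
            current = None
        elif m := re.match(r"username (\S+) attributes\s*$", line):
            current = m.group(1)       # following indented lines belong to this user
        elif m := re.match(r"\s+service-type (\S+)", line):
            if current in users:
                users[current]["service_type"] = m.group(1)
        elif not line.startswith(" "):
            current = None             # left the attributes sub-mode

    return users

def full_access_admins(users, min_privilege=15):
    """Users who combine Full Access with privilege >= min_privilege."""
    return sorted(u for u, a in users.items()
                  if a["service_type"] == "admin" and a["privilege"] >= min_privilege)

if __name__ == "__main__":
    for name, a in parse_users(SAMPLE_CONFIG).items():
        print(name, a["privilege"], ACCESS[a["service_type"]])
```

Lowering min_privilege also lists accounts such as svc1 that were created without an explicit access restriction and therefore keep Full Access.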
Configuring VPN Policy Attributes for a User
By default, each user inherits the settings set in the VPN policy. To override the settings, you can
customize VPN attributes by performing the following steps:
Step 1 If you have not already added a user according to the “Adding a User Account” section on page 31-18,
from the Configuration > Device Management > Users/AAA > User Accounts pane, click Add.
The Add User Account-Identity dialog box appears.
Step 2 In the left-hand pane, click VPN Policy.