
Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

32-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 32 Configuring Management Access
Configuring AAA for System Administrators
Serial—Authenticates users who access the adaptive security appliance using the console port.
SSH—Authenticates users who access the adaptive security appliance using SSH.
Telnet—Authenticates users who access the adaptive security appliance using Telnet.
b. For each service that you checked, from the Server Group drop-down list, choose a server group
name or the LOCAL database.
c. (Optional) If you chose a AAA server, you can configure the adaptive security appliance to use the
local database as a fallback method if the AAA server is unavailable. Click the Use LOCAL when
server group fails check box. We recommend that you use the same username and password in the
local database as the AAA server because the adaptive security appliance prompt does not give any
indication which method is being used.
Step 3 Click Apply.
Limiting User CLI and ASDM Access with Management Authorization
If you configure CLI or enable authentication, you can limit a local user, RADIUS, TACACS+, or LDAP
user (if you map LDAP attributes to RADIUS attributes) from accessing the CLI, ASDM, or the enable
command.
Note Serial access is not included in management authorization, so if you enable the Authentication > Serial
option, then any user who authenticates can access the console port.
Detailed Steps
To configure management authorization, perform the following steps:
Step 1 To enable management authorization, go to Configuration > Device Management > Users/AAA > AAA
Access > Authorization, and check the Perform authorization for exec shell access > Enable check
box.
This option also enables support of administrative user privilege levels from RADIUS, which can be
used in conjunction with local command privilege levels for command authorization. See the
“Configuring Local Command Authorization” section on page 32-15 for more information.
Step 2 To configure the user for management authorization, see the following requirements for each AAA
server type or local user:
RADIUS or LDAP (mapped) users—Configure the IETF RADIUS numeric Service-Type attribute, which
maps to one of the following values.
Service-Type 6 (Administrative)—Allows full access to any services specified by the
Authentication tab options
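
The settings on this page can be reviewed in a saved configuration. The following is an added example, not part of the Cisco guide: a Python audit that reports server groups without LOCAL fallback, LOCAL fallback where the prompt gives no indication of the method, serial authentication (which management authorization does not cover), and disabled exec shell authorization. It assumes the ASDM options appear in the running configuration as "aaa authentication <service> console" and "aaa authorization exec" lines; the sample configuration and the group name TACACS_GRP are constructed.

```python
import re

# Constructed sample of running-config lines (not taken from the guide). The
# CLI forms are assumed equivalents of the ASDM options on this page, and
# TACACS_GRP is a hypothetical server group name.
SAMPLE_CONFIG = """\
aaa authentication ssh console TACACS_GRP LOCAL
aaa authentication telnet console TACACS_GRP
aaa authentication serial console LOCAL
aaa authorization exec authentication-server
"""

AUTH_RE = re.compile(
    r"^aaa authentication (serial|ssh|telnet) console (\S+)( LOCAL)?\s*$")

MESSAGES = {
    "no-local-fallback": "server group has no LOCAL fallback if it becomes unavailable",
    "fallback-prompt": "LOCAL fallback on; the prompt does not show which method "
                       "is in use, so keep local credentials identical to the server",
    "outside-mgmt-authz": "serial is not covered by management authorization; "
                          "any user who authenticates reaches the console port",
    "mgmt-authz-off": "exec shell (management) authorization is not enabled",
}

def audit_management_aaa(config_text):
    """Return a list of (subject, code) findings for the settings on this page."""
    services, exec_authz = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        m = AUTH_RE.match(line)
        if m:
            # service -> (server group or LOCAL, whether LOCAL fallback is set)
            services[m.group(1)] = (m.group(2), m.group(3) is not None)
        elif line.startswith("aaa authorization exec"):
            exec_authz = True
    findings = []
    for svc, (group, fallback) in sorted(services.items()):
        if group != "LOCAL":
            findings.append((svc, "fallback-prompt" if fallback else "no-local-fallback"))
    if "serial" in services:
        findings.append(("serial", "outside-mgmt-authz"))
    if not exec_authz:
        findings.append(("exec", "mgmt-authz-off"))
    return findings

if __name__ == "__main__":
    for subject, code in audit_management_aaa(SAMPLE_CONFIG):
        print(f"{subject}: {MESSAGES[code]}")
```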
