topic prevent SSL VPN user from accessing ASA cli in Network Access Control https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751456#M228738 <HTML><HEAD></HEAD><BODY><P>Hi bastien,</P><P></P><P>I already tried that but still the user is able to get CLI access.</P><P></P><P>grtz</P><P></P><P>raf </P></BODY></HTML> Mon, 19 Sep 2011 20:09:49 GMT raf.vanderveken 2011-09-19T20:09:49Z prevent SSL VPN user from accessing ASA cli https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751454#M228652 <P>Hi ,</P><P></P><P>I've configured several users on my ASA in it's local database. </P><P>Those users are used for ssl vpn login, but the problem that I have is that those users </P><P>also have SSH access. Is it possible to prevent this ? </P><P></P><P>Thanks</P> Mon, 11 Mar 2019 01:24:46 GMT https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751454#M228652 raf.vanderveken 2019-03-11T01:24:46Z prevent SSL VPN user from accessing ASA cli https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751455#M228719 <HTML><HEAD></HEAD><BODY><P>Hello Raf,</P><P></P><P>If you do something like this:</P><P>username xxx attributes</P><P>&nbsp;&nbsp; service-type remote-access</P><P></P><P>the user shouldn't get CLI access anymore.</P><P></P><P>Regards,</P><P>Bastien</P></BODY></HTML> Mon, 19 Sep 2011 09:23:19 GMT https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751455#M228719 Bastien Migette 2011-09-19T09:23:19Z prevent SSL VPN user from accessing ASA cli https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751456#M228738 <HTML><HEAD></HEAD><BODY><P>Hi bastien,</P><P></P><P>I already tried that but still the user is able to get CLI access.</P><P></P><P>grtz</P><P></P><P>raf </P></BODY></HTML> Mon, 19 Sep 2011 20:09:49 GMT https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751456#M228738 raf.vanderveken 2011-09-19T20:09:49Z prevent SSL VPN user from accessing ASA cli https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751457#M228771 <HTML><HEAD></HEAD><BODY><P>Hi Raf,</P><P>Please try to add the following command:</P><P>aaa authorization exec LOCAL</P><P></P><P>This should fix your problem.</P></BODY></HTML> Tue, 20 Sep 2011 07:56:58 GMT https://community.cisco.com/t5/network-access-control/prevent-ssl-vpn-user-from-accessing-asa-cli/m-p/1751457#M228771 Bastien Migette 2011-09-20T07:56:58Z