https://community.cisco.com/t5/network-access-control/asdm-access-and-local-username-pw/m-p/1014617#M385537 <P>Ok, I happened upon this today and thought it was a bit weird. We have a pair of ASA5520 as our primary firewalls. </P><P>We are using EasyVPN,and the usernames authenticate via the local username / PW configured on the firewall. All of these usernames have Privilege 0, however, these usernames are able to log into the firewall via SSH, AND when I use one of them to log into ASDM, they can go in and make config changes. I don't like that.I'm sure you can see why... How do I make it so that only my level 15 priv username can get logged in via ASDM? I've looked into AAA command authorization, but I don't see how that would apply to ASDM access.</P><P></P><P>Firewall setup:</P><P>aaa authentication http console LOCAL</P><P>aaa authentication ssh console LOCAL</P><P>aaa authentication enable console LOCAL</P><P></P><P>username user password password priv 15</P><P>username user1 password password1 priv 0</P><P>username user2 password password2 priv 0</P><P>username user3 password password3 priv 0</P><P></P> Sun, 10 Mar 2019 22:50:10 GMT rtjensen4 2019-03-10T22:50:10Z https://community.cisco.com/t5/network-access-control/asdm-access-and-local-username-pw/m-p/1014617#M385537 <P>Ok, I happened upon this today and thought it was a bit weird. We have a pair of ASA5520 as our primary firewalls. </P><P>We are using EasyVPN,and the usernames authenticate via the local username / PW configured on the firewall. All of these usernames have Privilege 0, however, these usernames are able to log into the firewall via SSH, AND when I use one of them to log into ASDM, they can go in and make config changes. I don't like that.I'm sure you can see why... How do I make it so that only my level 15 priv username can get logged in via ASDM? I've looked into AAA command authorization, but I don't see how that would apply to ASDM access.</P><P></P><P>Firewall setup:</P><P>aaa authentication http console LOCAL</P><P>aaa authentication ssh console LOCAL</P><P>aaa authentication enable console LOCAL</P><P></P><P>username user password password priv 15</P><P>username user1 password password1 priv 0</P><P>username user2 password password2 priv 0</P><P>username user3 password password3 priv 0</P><P></P> Sun, 10 Mar 2019 22:50:10 GMT https://community.cisco.com/t5/network-access-control/asdm-access-and-local-username-pw/m-p/1014617#M385537 rtjensen4 2019-03-10T22:50:10Z https://community.cisco.com/t5/network-access-control/asdm-access-and-local-username-pw/m-p/1014618#M385589 <HTML><HEAD></HEAD><BODY><P>To achieve this you need to enable authorization. </P><P></P><P>aaa authorization command LOCAL</P><P></P><P>Let me know if you have any questions.</P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Do rate helpful posts</P></BODY></HTML> Fri, 09 May 2008 01:50:39 GMT https://community.cisco.com/t5/network-access-control/asdm-access-and-local-username-pw/m-p/1014618#M385589 Jagdeep Gambhir 2008-05-09T01:50:39Z