Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
454
Views
0
Helpful
0
Replies

ASDM access by active directory users

niLuxx
Level 1
Level 1

‎08-23-2019 01:31 AM

Dear community,

i would have a short question to you. We are using Cisco ASA 5508X in our office and doing homeoffice by using AnyConnect Client. We already configured user authentication against Active Directory server (Kerberos). Everything works fine, nevertheless we are facing some troubles adjusting access to management interfaces (ASDM, ssh connection to asa). The NAT rules and ACL were already configured, but unfortunately every person establishing a VPN connection now would have access to ASA management interfaces.

We already tried to enable "Identity options", but is it correct this cannot be used with Kerberos authentication? Is there another way to restrict access to ASDM for specific users connecting via VPN? 

Former we used LOCAL/AAA for authentication and assigned a static IP to specific usernames. Some IPs were permitted (other not) to call specific ports on ASA. That also did the job. Is there a similar way with AD-users and kerberos authentication?

 

Best regards

niLuxx

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents