11-05-2009 09:55 AM
Is there a way to allow users WebVPN (SSL) access through the ASA (8.2.1) without allowing them to connect via ASDM, SSH, Telnet or CLI? I would like to prevent my VPN users from accessing the configuration of the firewall.
I see in ASDM that there's some wording about 'this is effective only if AAA authenticate console command is configured' but I don't understand what it's explaining.
Thanks in advance,
Greg
11-05-2009 11:15 AM
You can restrict local users with the following:
username <username> attributes
 service-type remote-access
You need the aaa authenticate console commands because when it's not defined you can come in as the default username (pix) or no username at all and the enable password (in the case of ASDM). If there is no username sent, then we obviously can't check for the "service-type" option in the username attributes. Here is some more information about the "aaa authenticate console" command:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/a1.html#wp1535834
-heather
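An added example, not part of the original posts: a small audit of a saved running-config that lists each local user's service-type and the management methods that have no "aaa authentication ... console" line, which is the condition the answer above depends on. The sample config and usernames are constructed, and treating a user without a service-type line as admin assumes the ASA default.

```python
import re

# Constructed sample running-config (not from the thread); usernames are hypothetical.
SAMPLE_CONFIG = """\
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
username admin1 password XXXX encrypted privilege 15
username vpnuser1 password XXXX encrypted privilege 0
username vpnuser1 attributes
 service-type remote-access
username vpnuser2 password XXXX encrypted privilege 0
"""

MGMT_METHODS = ("ssh", "telnet", "http", "serial")


def audit(config: str):
    """Return (service-type per local user, management methods lacking
    an 'aaa authentication <method> console' line)."""
    service_type = {}    # username -> service-type
    authenticated = set()
    current = None       # user whose 'attributes' block we are inside
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # an unindented line ends any attributes block
        m = re.match(r"username (\S+) (\S+)", line)
        if m:
            user, keyword = m.groups()
            # Assumption: with no service-type line the user is treated as admin.
            service_type.setdefault(user, "admin")
            if keyword == "attributes":
                current = user
            continue
        m = re.match(r" service-type (\S+)", line)
        if m and current:
            service_type[current] = m.group(1)
            continue
        m = re.match(r"aaa authentication (\S+) console ", line)
        if m:
            authenticated.add(m.group(1))
    missing = [p for p in MGMT_METHODS if p not in authenticated]
    return service_type, missing


if __name__ == "__main__":
    users, missing = audit(SAMPLE_CONFIG)
    for user, stype in sorted(users.items()):
        print(f"{user}: service-type {stype}")
    print("no 'aaa authentication ... console' for:", ", ".join(missing) or "none")
```

Any VPN-only account reported as admin, or any management method reported as missing, is a path by which the service-type restriction is not being checked.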
11-06-2009 04:38 AM
Based on your post, Heather, I ended up setting the privilege for my VPN users to 0. This allows them to connect to the webvpn interface. It also allows them to connect to the ASA, but with extremely restrictive read-only rights.
I think the info you provided me would do exactly what I want, but my end solution is simpler and more straightforward to configure/maintain.
Thanks,
Greg