10-12-2018 05:05 AM
Hello everybody
I've inherited some old config, and I'm wondering about the VPN users created on an ASA 5545, software version 9.4(4)16
Apparently, all VPN-users have been assigned privilege level 2, with ASDM/CLI-access.
When trying to disable ASDM/CLI-access, the users cannot log in to the VPN-client anymore.
Should a local/AAA-user on the ASA really have access to the ASDM/CLI/SSH to be able to log in to the VPN-client (AnyConnect)? How can I avoid this?
10-12-2018 07:29 AM
You can lower VPN users to privilege level 0 and then also specify the service-type be remote-access only:
username <username here> password <plain text password> privilege 0
username <username here> attributes
 vpn-group-policy DfltGrpPolicy (or whatever)
 service-type remote-access
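An added example, not part of the original thread: a Python sketch that audits a saved running-config for local users that are not restricted the way the answer above describes. The sample config, the user names and the function names are constructed for illustration, and the script assumes the ASA defaults of privilege 2 and service-type admin when those keywords are absent.

```python
import re
# Constructed sample of an ASA running-config excerpt (not from the thread).
SAMPLE_CONFIG = """\
username alice password $sha512$EXAMPLE pbkdf2 privilege 2
username bob password $sha512$EXAMPLE pbkdf2 privilege 0
username bob attributes
 vpn-group-policy DfltGrpPolicy
 service-type remote-access
username carol password $sha512$EXAMPLE pbkdf2 privilege 0
username carol attributes
 vpn-group-policy DfltGrpPolicy
username netadmin password $sha512$EXAMPLE pbkdf2 privilege 15
"""

# Assumed ASA defaults when the keyword is missing from the config.
DEFAULTS = {"privilege": 2, "service_type": "admin"}
USER_RE = re.compile(r"^username (\S+) (?:password|nopassword)\b(.*)$")
ATTR_RE = re.compile(r"^username (\S+) attributes\s*$")

def parse_users(config):
    """Return {name: {"privilege": int, "service_type": str}} for local users."""
    users, current = {}, None
    for line in config.splitlines():
        if line.startswith(" ") and current is not None:
            if m := re.match(r"\s+service-type (\S+)", line):
                current["service_type"] = m.group(1)
            continue
        current = None  # an unindented line ends the attributes sub-mode
        if m := ATTR_RE.match(line):
            current = users.setdefault(m.group(1), dict(DEFAULTS))
        elif m := USER_RE.match(line):
            user = users.setdefault(m.group(1), dict(DEFAULTS))
            if priv := re.search(r"\bprivilege (\d+)", m.group(2)):
                user["privilege"] = int(priv.group(1))
    return users

def audit_vpn_users(config, admins=()):
    """Return (user, finding) pairs for accounts meant to be VPN-only."""
    findings = []
    for name, u in sorted(parse_users(config).items()):
        if name in admins:
            continue  # accounts that are supposed to manage the ASA
        if u["privilege"] != 0:
            findings.append((name, f"privilege {u['privilege']}, expected 0"))
        if u["service_type"] != "remote-access":
            findings.append((name, f"service-type {u['service_type']}, expected remote-access"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_vpn_users(SAMPLE_CONFIG, admins=("netadmin",)):
        print(f"{name}: {finding}")
```

Pass the names of real administrator accounts in `admins` so they are not reported; every other local user is treated as VPN-only.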
10-14-2018 10:16 PM