Cisco Systems ASA 5540 Network Router User Manual


  Open as PDF
of 2086
 
38-23
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 38 Configuring AAA Servers and the Local Database
Configuring AAA
Adding a User
To add a user to the local database, perform the following steps:
Detailed Steps
Step 1 Choose Configuration > Device Management > Users/AAA > User Accounts, and then click Add.
The Add User Account-Identity dialog box appears.
Step 2 In the Username field, enter a username from 4 to 64 characters long.
Step 3 In the Password field, enter a password between 3 and 32 characters. Passwords are case-sensitive. The
field displays only asterisks. To protect security, we recommend a password length of at least 8
characters.
Note To configure the enable password from the User Accounts pane (see the “Configuring the
Hostname, Domain Name, and Passwords” section on page 17-1), change the password for the
enable_15 user. The enable_15 user is always present in the User Accounts pane, and represents
the default username. This method of configuring the enable password is the only method
available in ASDM for the system configuration. If you configured other enable level passwords
at the CLI (enable password 10, for example), then those users are listed as enable_10, and so
on.
Step 4 In the Confirm Password field, reenter the password.
For security purposes, only asterisks appear in the password fields.
Step 5 To enable MS-CHAP authentication, check the User authenticated using MSCHAP check box.
This option specifies that the password is converted to Unicode and hashed using MD4 after you enter
it. Use this feature if users are authenticated using MS-CHAPv1 or MS-CHAPv2.
Step 6 To specify the VPN groups that the user belongs to, enter a group name in the Member of field, and click
Add.
To delete a VPN group, choose the group in the window, and click Delete.
Step 7 In the Access Restriction area, set the management access level for a user. You must first enable
management authorization by clicking the Perform authorization for exec shell access option on the
Configuration > Device Management > Users/AAA > AAA Access > Authorization tab.
Choose one of the following options:
Full Access (ASDM, Telnet, SSH and console)—If you configure authentication for management
access using the local database (see the “Configuring Authentication for CLI, ASDM, and enable
command Access” section on page 40-20), then this option lets the user use ASDM, SSH, Telnet,
and the console port. If you also enable authentication, then the user can access global configuration
mode.
Privilege Level—Selects the privilege level for this user to use with local command
authorization. The range is 0 (lowest) to 15 (highest). See the “Configuring Command
Authorization” section on page 40-22 for more information.
CLI login prompt for SSH, Telnet and console (no ASDM access)—If you configure
authentication for management access using the local database (see the “Configuring Authentication
for CLI, ASDM, and enable command Access” section on page 40-20), then this option lets the user