Cisco Systems OL-16647-01 Network Router User Manual


14-20
Cisco ASDM User Guide
OL-16647-01
Chapter 14 Configuring AAA Servers and the Local Database
Adding a User Account
• Full Access (ASDM, Telnet, SSH and console)—If you configure authentication for management
  access using the local database, then this option lets the user use ASDM, SSH, Telnet, and the
  console port. If you also configure enable authentication, then the user can access global
  configuration mode.
  – Privilege Level—Selects the privilege level for this user to use with local command
    authorization. The range is 0 (lowest) to 15 (highest).
• CLI login prompt for SSH, Telnet and console (no ASDM access)—If you configure
  authentication for management access using the local database, then this option lets the user use
  SSH, Telnet, and the console port. The user cannot use ASDM for configuration (if you configure
  HTTP authentication). ASDM monitoring is allowed. If you also configure enable authentication,
  then the user cannot access global configuration mode.
• No ASDM, SSH, Telnet, or console access—If you configure authentication for management
  access using the local database, then this option disallows the user from accessing any management
  access method for which you configured authentication (excluding the Serial option; serial access
  is allowed).
Step 8 If you want to configure VPN policy attributes for this user, see the “Configuring VPN Policy Attributes
for a User” section on page 14-20.
Step 9 Click Apply.
The user is added to the local security appliance database and changes are saved to the running
configuration.
Note To configure the enable password from the User Accounts pane (instead of in Device Name/Password,
page 6-12), change the password for the enable_15 user. The enable_15 user is always present in this
pane, and represents the default username. This method of configuring the enable password is the only
method available in ASDM for the system configuration. If you configured other enable level passwords
at the CLI (enable password 10, for example), then those users are listed as enable_10, etc.
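The following added example (not part of the Cisco guide) audits a saved running configuration for local users who hold Full Access at a high privilege level. It assumes that the three access options above are stored as the CLI `service-type` keywords `admin`, `nas-prompt` and `remote-access`, and that a user with no explicit setting gets privilege level 2 and service type `admin`; the sample configuration is constructed.

```python
import re

# Assumption: CLI service-type keywords that correspond to the three ASDM access options.
ACCESS = {
    "admin": "Full Access (ASDM, Telnet, SSH and console)",
    "nas-prompt": "CLI login prompt for SSH, Telnet and console (no ASDM access)",
    "remote-access": "No ASDM, SSH, Telnet, or console access",
}
USER_RE = re.compile(
    r"^username (\S+) (?:nopassword|password \S+)(?: \S+)*?(?: privilege (\d+))?\s*$")
ATTR_RE = re.compile(r"^username (\S+) attributes\s*$")

# Constructed sample configuration; user names and hashes are placeholders.
SAMPLE_CONFIG = """\
username alice password EXAMPLEHASH1 encrypted privilege 15
username bob password EXAMPLEHASH2 encrypted privilege 5
username bob attributes
 service-type nas-prompt
username vpnonly password EXAMPLEHASH3 encrypted
username vpnonly attributes
 vpn-group-policy ExamplePolicy
 service-type remote-access
username carol password EXAMPLEHASH4 encrypted
"""

def new_entry():
    # Assumed defaults when the configuration states neither value explicitly.
    return {"privilege": 2, "service": "admin"}

def parse_local_users(config):
    """Return {name: {"privilege": int, "service": str}} from running-config text."""
    users, current = {}, None
    for line in config.splitlines():
        if not line.startswith(" "):
            current = None  # any top-level line ends a "username ... attributes" block
        user, attr = USER_RE.match(line), ATTR_RE.match(line)
        if user:
            entry = users.setdefault(user.group(1), new_entry())
            if user.group(2):
                entry["privilege"] = int(user.group(2))
        elif attr:
            current = users.setdefault(attr.group(1), new_entry())
        elif current is not None and line.strip().startswith("service-type "):
            current["service"] = line.split()[1]
    return users

def full_access_above(config, max_privilege=5):
    """Names of users with Full Access whose privilege level exceeds max_privilege."""
    return sorted(name for name, u in parse_local_users(config).items()
                  if u["service"] == "admin" and u["privilege"] > max_privilege)
```

Calling `full_access_above()` on an exported configuration gives the accounts to review first; `ACCESS` translates each stored keyword back to the option name shown in the User Accounts pane.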
Configuring VPN Policy Attributes for a User
By default, each user inherits the settings set in the VPN policy. To override the settings, you can
customize VPN attributes by performing the following steps:
Step 1 If you have not already added a user according to the “Adding a User Account” section on page 14-18,
from the Configuration > Device Management > Users/AAA > User Accounts pane, click Add.
The Add User Account—Identity dialog box appears.
Step 2 In the left-hand pane, click VPN Policy.
By default, the Inherit check box is checked for each option, which means the user account inherits the
settings from the VPN policy. To override each setting, uncheck Inherit, and fill in a new value:
• Group Policy—Choose a group policy from the list.
• Tunneling Protocols—Specifies which tunneling protocols this user can use, or whether to inherit
  the value from the group policy. Check the desired Tunneling Protocols check boxes to select the
  VPN tunneling protocols that this user can use. Users can use only the selected protocols. The
  choices are as follows: