Cisco ASA 5505 Configuration Manual page 683


Cisco ASA 5500 Series Configuration Guide using ASDM, OL-20339-01, page 32-11
Chapter 32 Configuring Management Access
Configuring AAA for System Administrators

Limiting User CLI and ASDM Access with Management Authorization, page 32-12
Configuring Command Authorization, page 32-13
Configuring Management Access Accounting, page 32-22
Viewing the Current Logged-In User, page 32-23
Recovering from a Lockout, page 32-24

Configuring Authentication for CLI, ASDM, and enable command Access
If you enable CLI authentication, the adaptive security appliance prompts you for your username and
password to log in. After you enter your information, you have access to user EXEC mode.
To enter privileged EXEC mode, enter the enable command or the login command (if you are using the
local database only).
If you configure enable authentication, the adaptive security appliance prompts you for your username
and password. If you do not configure enable authentication, enter the system enable password when
you enter the enable command (set by the enable password command). However, if you do not use
enable authentication, after you enter the enable command, you are no longer logged in as a particular
user. To maintain your username, use enable authentication.
For authentication using the local database, you can use the login command, which maintains the
username but requires no configuration to turn on authentication.

Note
Before the adaptive security appliance can authenticate a Telnet, SSH, or HTTP user, you must first
configure access to the adaptive security appliance. See the "Configuring Device Access for ASDM,
Telnet, or SSH" section on page 32-1. This configuration identifies the IP addresses that are allowed to
communicate with the adaptive security appliance.

Detailed Steps
To configure CLI, ASDM, or enable authentication, perform the following steps:

Step 1
To authenticate users who use the enable command, go to Configuration > Device Management >
Users/AAA > AAA Access > Authentication, and configure the following settings:
a. Check the Enable check box.
b. From the Server Group drop-down list, choose a server group name or the LOCAL database.
c. (Optional) If you chose a AAA server, you can configure the adaptive security appliance to use the
local database as a fallback method if the AAA server is unavailable. Click the Use LOCAL when
server group fails check box. We recommend that you use the same username and password in the
local database as the AAA server because the adaptive security appliance prompt does not give any
indication which method is being used.

Step 2
To authenticate users who access the CLI or ASDM, go to Configuration > Device Management >
Users/AAA > AAA Access > Authentication, and configure the following settings:
a. Check one or more of the following check boxes:
HTTP/ASDM—Authenticates the ASDM client that accesses the adaptive security appliance using
HTTPS. You only need to configure HTTP authentication if you want to use a AAA server. By
default, ASDM uses the local database for authentication even if you do not configure this
command.
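An added example, not from the Cisco manual: a Python check over a saved running-config that reports which of the authentication settings from the steps above are in effect. It assumes the CLI form `aaa authentication {enable|telnet|ssh|http|serial} console <group> [LOCAL]` that these ASDM settings correspond to; the server group name TACACS_GRP and the sample config are constructed.

```python
import re

# Constructed sample running-config excerpt (not from the manual).
SAMPLE_CONFIG = """\
aaa-server TACACS_GRP protocol tacacs+
aaa authentication ssh console TACACS_GRP LOCAL
aaa authentication telnet console TACACS_GRP
aaa authentication serial console LOCAL
"""

# Assumed CLI form: aaa authentication <method> console <group> [LOCAL]
AAA_LINE = re.compile(
    r"^aaa authentication (enable|telnet|ssh|http|serial) console (\S+)(?: (LOCAL))?\s*$"
)


def parse_console_auth(config):
    """Map each access method to (server_group, has_local_fallback)."""
    methods = {}
    for line in config.splitlines():
        m = AAA_LINE.match(line.strip())
        if m:
            method, group, fallback = m.groups()
            methods[method] = (group, fallback is not None)
    return methods


def audit(config):
    """Return findings tied to the behaviours the section describes."""
    methods = parse_console_auth(config)
    findings = []
    if "enable" not in methods:
        findings.append("enable: no enable authentication; the shared enable "
                        "password is used and the username is not maintained")
    if "http" not in methods:
        findings.append("http: not configured; ASDM authenticates against the "
                        "local database by default")
    for method, (group, fallback) in sorted(methods.items()):
        if group != "LOCAL" and not fallback:
            findings.append(f"{method}: server group {group} has no LOCAL "
                            "fallback if the AAA server is unavailable")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```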


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
