Configuring AAA for System Administrators
Note: WebVPN and ASDM administration cannot be enabled on the same interface. If you enable WebVPN on an interface, then that interface cannot be used for ASDM.
To configure ASDM access, follow these steps:
Step 1
To identify the IP addresses from which the security appliance accepts HTTPS connections, enter the following command for each address or subnet:
hostname(config)# http source_IP_address mask source_interface
Step 2
To enable the HTTPS server, enter the following command:
hostname(config)# http server enable
Step 3
To specify the location of the ASDM image, enter the following command:
hostname(config)# asdm image disk0:/asdmfile
For example, to enable the HTTPS server and let a host on the inside interface with an address of
192.168.1.2 access ASDM, enter the following commands:
hostname(config)# crypto key generate rsa modulus 1024
hostname(config)# write mem
hostname(config)# http server enable
hostname(config)# http 192.168.1.2 255.255.255.255 inside
To allow all users on the 192.168.3.0 network to access ASDM on the inside interface, enter the
following command:
hostname(config)# http 192.168.3.0 255.255.255.0 inside
Configuring AAA for System Administrators
This section describes how to enable authentication and command authorization for system administrators. Before you configure AAA for system administrators, first configure the local database or AAA server according to Chapter 13, "AAA Server and Local Database Support."
This section includes the following topics:
• Configuring Authentication for CLI Access
• Configuring Authentication To Access Privileged EXEC Mode
• Configuring Command Authorization
• Configuring Command Accounting
• Viewing the Current Logged-In User
• Recovering from a Lockout
Cisco Security Appliance Command Line Configuration Guide, Chapter 40, Managing System Access (OL-10088-01)