Cisco Systems OL-12180-01 manual Add/Edit User Account VPN Policy, 12-10


Chapter 12 Configuring AAA Servers and User Accounts

Configuring the Local Database

Privilege Level—Selects the privilege level for this user to use with local command authorization. The range is 0 (lowest) to 15 (highest). See the “Configuring Local Command Authorization” section on page 13-31 for more information.

CLI login prompt for SSH, Telnet and console (no ASDM access)—If you configure authentication for management access using the local database (see the “Configuring Authentication for CLI, ASDM, and enable command Access” section on page 13-27), then this option lets the user use SSH, Telnet, and the console port. The user cannot use ASDM for configuration (if you configure HTTP authentication). ASDM monitoring is allowed. If you also configure enable authentication, then the user cannot access global configuration mode.

No ASDM, SSH, Telnet, or console access—If you configure authentication for management access using the local database (see the “Configuring Authentication for CLI, ASDM, and enable command Access” section on page 13-27), then this option disallows the user from accessing any management access method for which you configured authentication (excluding the Serial option; serial access is allowed).

Modes

The following table shows the modes in which this feature is available:

Firewall Mode            Security Context
-----------------------  ----------------------------------
Routed     Transparent   Single     Multiple
                                    Context     System

Add/Edit User Account > VPN Policy

Use this pane to specify VPN policies for this user. Check an Inherit check box to let the corresponding setting take its value from the group policy.

Fields

Group Policy—Lists the available group policies.

Tunneling Protocols—Specifies which tunneling protocols this user can use, or whether to inherit the value from the group policy. Check the desired Tunneling Protocols check boxes to select the VPN tunneling protocols that this user can use. Users can use only the selected protocols. The choices are as follows:

IPSec—IP Security Protocol. IPSec provides the most complete architecture for VPN tunnels, and it is perceived as the most secure protocol. Both LAN-to-LAN (peer-to-peer) connections and client-to-LAN connections can use IPSec.

Clientless SSL VPN—VPN via SSL/TLS. Uses a web browser to establish a secure remote-access tunnel to a VPN Concentrator; requires neither a software nor hardware client. Clientless SSL VPN can provide easy access to a broad range of enterprise resources, including corporate websites, web-enabled applications, NT/AD file share (web-enabled), e-mail, and other TCP-based applications from almost any computer that can reach HTTPS Internet sites.

SSL VPN Client—Lets users connect after downloading the Cisco AnyConnect Client application. Users use a clientless SSL VPN connection to download this application the first time. Client updates then occur automatically as needed whenever the user connects.
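As an added illustration that is not part of this guide, the following ASA CLI fragment corresponds to the local-database user options described above (privilege level, the "CLI login prompt ... (no ASDM access)" option and the "No ASDM, SSH, Telnet, or console access" option) and to the per-user Tunneling Protocols setting of the VPN Policy pane, assuming the ASA 8.0-era command syntax (service-type and vpn-tunnel-protocol keywords). User names, passwords and the group policy name are constructed placeholders.

```text
! Constructed example; user names, passwords and the group policy are placeholders.
! Management access is authenticated against the local database, so the
! per-user access options below take effect.
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
aaa authorization command LOCAL
!
! Full administrator: privilege 15, used by local command authorization.
username netadmin password REPLACE-ME privilege 15
username netadmin attributes
 service-type admin
!
! Operator who gets the CLI login prompt on SSH, Telnet and the console
! but cannot configure through ASDM (ASDM monitoring only). Because enable
! authentication is also configured, this user cannot enter global
! configuration mode.
username operator1 password REPLACE-ME privilege 5
username operator1 attributes
 service-type nas-prompt
!
! VPN-only user: denied every authenticated management access method
! (serial access excepted). The VPN Policy overrides the group policy's
! tunneling protocols so only SSL VPN Client and Clientless SSL VPN are allowed.
username vpnuser1 password REPLACE-ME privilege 0
username vpnuser1 attributes
 service-type remote-access
 vpn-group-policy RemoteWorkers
 vpn-tunnel-protocol svc webvpn
```

Settings not listed under a user's attributes (for example a vpn-tunnel-protocol line that is omitted) are inherited from the group policy, which is what the Inherit check boxes in the pane express.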
