Chapter 12 Configuring AAA Servers and User Accounts

Configuring the Local Database

Privilege Level—Selects the privilege level for this user to use with local command authorization. The range is 0 (lowest) to 15 (highest). See the “Configuring Local Command Authorization” section on page 13-31 for more information.

CLI login prompt for SSH, Telnet and console (no ASDM access)—If you configure authentication for management access using the local database (see the “Configuring Authentication for CLI, ASDM, and enable command Access” section on page 13-27), then this option lets the user use SSH, Telnet, and the console port. The user cannot use ASDM for configuration (if you configure HTTP authentication). ASDM monitoring is allowed. If you also configure enable authentication, then the user cannot access global configuration mode.

No ASDM, SSH, Telnet, or console access—If you configure authentication for management access using the local database (see the “Configuring Authentication for CLI, ASDM, and enable command Access” section on page 13-27), then this option prevents the user from using any management access method for which you configured authentication (excluding the Serial option; serial access is allowed).
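The same three access options applied from the ASA command line, as an added example that is not from this guide. It assumes the ASA `username ... attributes` / `service-type` keywords (admin, nas-prompt, remote-access) correspond to the ASDM options above; user names and passwords are constructed placeholders.

```text
! Added example (not from the ASDM User Guide): CLI equivalents of the
! ASDM user-account access options. Assumes the "service-type" username
! attribute; user names and passwords are constructed placeholders.

! Authenticate management access against the local database, including
! HTTP (ASDM) and enable, so the per-user restrictions below take effect.
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL

! Full access: ASDM, SSH, Telnet, console, and enable (privilege 15).
username netadmin password <placeholder> privilege 15
username netadmin attributes
 service-type admin

! "CLI login prompt for SSH, Telnet and console (no ASDM access)":
! the user can log in over SSH, Telnet, and the console port; ASDM
! configuration is refused because HTTP authentication is configured
! (monitoring is still allowed), and enable authentication keeps the
! user out of global configuration mode.
username helpdesk password <placeholder> privilege 3
username helpdesk attributes
 service-type nas-prompt

! "No ASDM, SSH, Telnet, or console access": refused on every method
! with authentication configured above; serial access stays allowed.
username vpnuser password <placeholder> privilege 0
username vpnuser attributes
 service-type remote-access
```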

Modes

The following table shows the modes in which this feature is available:

Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)

Add/Edit User Account > VPN Policy

Use this pane to specify VPN policies for this user. Check an Inherit check box to let the corresponding setting take its value from the group policy.

Fields

Group Policy—Lists the available group policies.

Tunneling Protocols—Specifies which tunneling protocols this user can use, or whether to inherit the value from the group policy. Check the desired Tunneling Protocols check boxes to select the VPN tunneling protocols that this user can use. Users can use only the selected protocols. The choices are as follows:

IPSec—IP Security Protocol. IPSec provides the most complete architecture for VPN tunnels, and it is perceived as the most secure protocol. Both LAN-to-LAN (peer-to-peer) connections and client-to-LAN connections can use IPSec.

Clientless SSL VPN—VPN via SSL/TLS. Uses a web browser to establish a secure remote-access tunnel to a VPN Concentrator; requires neither a software nor hardware client. Clientless SSL VPN can provide easy access to a broad range of enterprise resources, including corporate websites, web-enabled applications, NT/AD file share (web-enabled), e-mail, and other TCP-based applications from almost any computer that can reach HTTPS Internet sites.

SSL VPN Client—Lets users connect after downloading the Cisco AnyConnect Client application. Users use a clientless SSL VPN connection to download this application the first time. Client updates then occur automatically as needed whenever the user connects.

 

ASDM User Guide

12-10

OL-12180-01
