12-10
ASDM User Guide
OL-12180-01
Chapter 12 Configuring AAA Servers and User Accounts
Configuring the Local Database
Privilege Level—Selects the privilege level for this user to use with local command
authorization. The range is 0 (lowest) to 15 (highest). See the “Configuring Local Command
Authorization” section on page 13-31 for more information.
CLI login prompt for SSH, Telnet and console (no ASDM access)—If you configure
authentication for management access using the local database (see the “Configuring
Authentication for CLI, ASDM, and enable command Access” section on page 13-27), then this
option lets the user use SSH, Telnet, and the console port. The user cannot use ASDM for
configuration (if you configure HTTP authentication). ASDM monitoring is allowed. If you also
configure enable authentication, then the user cannot access global configuration mode.
No ASDM, SSH, Telnet, or console access—If you configure authentication for management
access using the local database (see the “Configuring Authentication for CLI, ASDM, and
enable command Access” section on page 13-27), then this option disallows the user from
accessing any management access method for which you configured authentication (excluding
the Serial option; serial access is allowed).
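An added example, not from the Cisco guide: a Python audit of the local user accounts in a saved configuration that lists accounts keeping unrestricted management access at a high privilege level. It assumes the CLI forms `username NAME ... privilege N` and `service-type {admin | nas-prompt | remote-access}` for the Privilege Level and Access Restriction fields, and assumed defaults of privilege 2 and service-type admin; the sample configuration, function names and threshold are constructed.

```python
# Added example: audit local ASA user accounts in a saved configuration.
# Constructed sample input; hashes are placeholders, not real values.
SAMPLE_CONFIG = """\
username admin password EXAMPLEHASH1 encrypted privilege 15
username helpdesk password EXAMPLEHASH2 encrypted privilege 5
username helpdesk attributes
 service-type nas-prompt
username vpnuser password EXAMPLEHASH3 encrypted
username vpnuser attributes
 service-type remote-access
username legacy password EXAMPLEHASH4 encrypted privilege 15
"""

# Assumed defaults when a setting is absent from the configuration.
DEFAULT_PRIVILEGE = 2
DEFAULT_SERVICE_TYPE = "admin"  # assumed to correspond to full access


def parse_users(config):
    """Return {name: {"privilege": int, "service_type": str}}."""
    users, current = {}, None
    for line in config.splitlines():
        tok = line.split()
        if line.startswith("username ") and len(tok) >= 3:
            user = users.setdefault(tok[1], {
                "privilege": DEFAULT_PRIVILEGE,
                "service_type": DEFAULT_SERVICE_TYPE})
            # "username NAME attributes" opens that user's sub-mode.
            current = user if tok[2] == "attributes" else None
            rest = tok[2:]
            for i, word in enumerate(rest[:-1]):
                if word == "privilege" and rest[i + 1].isdigit():
                    user["privilege"] = int(rest[i + 1])
        elif line.startswith(" ") and current is not None:
            if len(tok) == 2 and tok[0] == "service-type":
                current["service_type"] = tok[1]
        else:
            current = None
    return users


def audit(config, flag_at=15):
    """List (name, privilege) for unrestricted accounts at or above flag_at."""
    return [(name, u["privilege"])
            for name, u in sorted(parse_users(config).items())
            if u["service_type"] == "admin" and u["privilege"] >= flag_at]


if __name__ == "__main__":
    for name, level in audit(SAMPLE_CONFIG):
        print(f"{name}: privilege {level}, no access restriction")
```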
Modes
The following table shows the modes in which this feature is available:
Add/Edit User Account > VPN Policy
Use this pane to specify VPN policies for this user. Check an Inherit check box to let the corresponding
setting take its value from the group policy.
Fields
Group Policy—Lists the available group policies.
Tunneling Protocols—Specifies which tunneling protocols this user can use, or whether to inherit
the value from the group policy. Check the desired Tunneling Protocols check boxes to select the
VPN tunneling protocols that this user can use. Users can use only the selected protocols. The
choices are as follows:
IPSec—IP Security Protocol. IPSec provides the most complete architecture for VPN tunnels, and
it is perceived as the most secure protocol. Both LAN-to-LAN (peer-to-peer) connections and
client-to-LAN connections can use IPSec.
Clientless SSL VPN—VPN via SSL/TLS. Uses a web browser to establish a secure remote-access
tunnel to a VPN Concentrator; requires neither a software nor hardware client. Clientless SSL VPN
can provide easy access to a broad range of enterprise resources, including corporate websites,
web-enabled applications, NT/AD file share (web-enabled), e-mail, and other TCP-based
applications from almost any computer that can reach HTTPS Internet sites.
SSL VPN Client—Lets users connect after downloading the Cisco AnyConnect Client application.
Users use a clientless SSL VPN connection to download this application the first time. Client
updates then occur automatically as needed whenever the user connects.
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
••••