Interface; Configuring AAA for System Administrators; Configuring Authentication for CLI and ASDM Access - Cisco PIX 500 Series Configuration Manual

Chapter 40
Managing System Access
Managing the Security Appliance on a Different Interface from the VPN Tunnel Termination Interface
If your IPSec VPN tunnel terminates on one interface, but you want to manage the security appliance by
accessing a different interface, then enter the following command:
hostname(config)# management-access management_interface
where management_interface specifies the name of the management interface you want to access when
entering the security appliance from another interface.
For example, if you enter the security appliance from the outside interface, this command lets you
connect to the inside interface using Telnet; or you can ping the inside interface when entering from the
outside interface.
You can define only one management-access interface.

Configuring AAA for System Administrators

This section describes how to enable authentication and command authorization for system
administrators. Before you configure AAA for system administrators, first configure the local database
or AAA server according to Chapter 13, "AAA Server and Local Database Support."
This section includes the following topics:
• Configuring Authentication for CLI and ASDM Access
• Configuring Authentication To Access Privileged EXEC Mode (the enable Command)
• Limiting User CLI and ASDM Access with Management Authorization
• Configuring Command Authorization
• Configuring Command Accounting
• Viewing the Current Logged-In User
• Recovering from a Lockout

Configuring Authentication for CLI and ASDM Access

If you enable CLI authentication, the security appliance prompts you for your username and password
to log in. After you enter your information, you have access to user EXEC mode.
To enter privileged EXEC mode, enter the enable command or the login command (if you are using the
local database only).
If you configure enable authentication (see the "Configuring Authentication for the enable Command"
section on page 40-6), the security appliance prompts you for your username and password. If you do
not configure enable authentication, enter the system enable password when you enter the enable
command (set by the enable password command). However, if you do not use enable authentication,
after you enter the enable command, you are no longer logged in as a particular user. To maintain your
username, use enable authentication.
For authentication using the local database, you can use the login command, which maintains the
username but requires no configuration to turn on authentication.
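
The following is an added example, not taken from the Cisco guide: a Python check that reads a saved running configuration and reports where administrators are not identified by username, following the behaviour described above. The sample configuration is constructed, and the `aaa authentication ... console` command forms are assumed from the security appliance command reference, since this page does not show them.

```python
import re

# Constructed sample running-config excerpt (not from the page or a real device).
SAMPLE_CONFIG = """\
hostname pix-lab
enable password PLACEHOLDER encrypted
username admin password PLACEHOLDER encrypted privilege 15
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
management-access inside
telnet 10.0.0.0 255.255.255.0 inside
ssh 10.0.0.0 255.255.255.0 inside
http 10.0.0.0 255.255.255.0 inside
"""

# "aaa authentication <method> console <server-group|LOCAL>" (assumed command form)
AAA_RE = re.compile(
    r"^\s*aaa authentication (telnet|ssh|http|serial|enable) console (\S+)", re.M)
# "<method> <ip> <mask> <interface>" lines that permit management connections
ALLOW_RE = re.compile(r"^\s*(telnet|ssh|http) \d+\.\d+\.\d+\.\d+ \S+ \S+", re.M)
MGMT_RE = re.compile(r"^\s*management-access (\S+)", re.M)


def audit_admin_auth(config):
    """Return a list of findings about administrator authentication."""
    aaa = {m.group(1): m.group(2) for m in AAA_RE.finditer(config)}
    allowed = sorted({m.group(1) for m in ALLOW_RE.finditer(config)})
    findings = []
    # A permitted access method with no matching AAA line has no per-user login.
    for method in allowed:
        if method not in aaa:
            findings.append(method + ": connections permitted, but no "
                            "'aaa authentication " + method + " console' line")
    # Without enable authentication the session is no longer tied to a username.
    if "enable" not in aaa:
        findings.append("enable: no enable authentication, so the shared enable "
                        "password is used and the username is not maintained")
    # Informational: which interface is reachable for management over the tunnel.
    for ifname in MGMT_RE.findall(config):
        findings.append("info: management-access interface is " + ifname)
    return findings


if __name__ == "__main__":
    for line in audit_admin_auth(SAMPLE_CONFIG):
        print(line)
```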
