Re: OT: ASA virtual context access from Brandon Carroll on 2010-05-04 (Ccielab archives 05/2010)

From: Brandon Carroll <bcarroll_at_ipexpert.com>
Date: Tue, 4 May 2010 16:57:01 -0700

So the question is how do you want them to manage the context? ASDM? SSH? The answer is Yes, a user can be given access to just one context for management purposes. Inside that context create a username and password, or go to aaa if thats whats happening already, and then use http or ssh commands to all access from wherever that user is.

So here is the breakdown assuming you already have a context: (This is done inside the context so you need to have it addressed and reachable by the user.)

First go into the context:

ASA(config)#changeto context user
ASuser(config)#

Then do one of the following:

domain-name mydomain.com
cry key gen rsa gen mod 1024 (or something to that effect.)

username user pass lockedin

ssh 10.1.1.100 255.255.255.255 inside
aaa authentication ssh console local

or:

username user pass lockedin

http server enable
http 10.1.1.100 255.255.255.255 inside
aaa authentication http console local

HTH.

Regards,

Brandon Carroll - CCIE #23837
Senior Technical Instructor - IPexpert
Mailto: bcarroll_at_ipexpert.com
Telephone: +1.810.326.1444
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com

On May 4, 2010, at 4:41 PM, Radioactive Frog wrote:

> Guys,
> Is there a way we can give access to a articular ASA virtual context to a
> user?
> e.g. user should be able to manage only one Virtual context.
>
> ASA version 8.x
>
> frog
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue May 04 2010 - 16:57:01 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:52 ART