About the Author

Joe Harris, CCIE No. 6200 (R&S, Security & SP), is a Systems Engineer with Cisco Systems® specializing in Security. In addition to authoring Cisco Network Security Little Black Book, Joe has been a technical reviewer for several Cisco Press publications and has written articles, white papers, and presentations on various security technologies. He also assists various Certification Partners by beta testing their newest CCIE certification workbooks and has been recognized by Cisco as an SE Wall of Fame award winner.

Setting up AAA on the ASA using the Local Database

This document provides step-by-step instructions for setting up users in the ASA local database for authentication and authorization of ASDM, console access, and SSH. The focus is on authorization and how to give a user limited command access. Although most organizations provide the same functionality via RADIUS or TACACS+, this document shows how to do the same thing using only the LOCAL database. You can download the example here: AAA on the ASA via LOCAL Database
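
A minimal sketch of the kind of configuration described above, added here as an illustration and not taken from the downloadable document. The usernames, password placeholders, privilege level 5, and the particular commands moved to that level are assumptions chosen for the example.

```text
! Constructed example: account names and passwords are placeholders.
!
! 1. Create a full-privilege account first, so that turning on command
!    authorization later cannot lock every administrator out.
username admin password <ADMIN-PASSWORD> privilege 15
!
! 2. Create the limited account at a lower privilege level.
username nocuser password <NOC-PASSWORD> privilege 5
!
! 3. Authenticate SSH, serial console, ASDM (HTTPS) and "enable"
!    against the LOCAL user database. With enable authentication set
!    to LOCAL, a user who types "enable" re-enters their own password
!    and lands at the privilege level assigned to their username.
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
aaa authentication http console LOCAL
aaa authentication enable console LOCAL
!
! 4. Lower the privilege level of only the commands the limited user
!    needs. Everything else stays at its default level and is refused.
privilege show level 5 mode exec command running-config
privilege show level 5 mode exec command interface
privilege cmd level 5 mode exec command ping
!
! 5. Enforce per-command authorization against the local privilege
!    levels. Apply this last, from a session logged in as the
!    privilege-15 account.
aaa authorization command LOCAL
```

After logging in as the limited user, `show curpriv` reports the current username and privilege level, which confirms the account landed at the intended level before you test which commands are refused.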

There Are 2 Responses So Far.

  1.

    Thanks for the document!
    Quick question: is there a way of restricting logins from a locally defined user to a set of IP addresses? Something like: SSH is open to everybody, but user ‘nocaccount’ can only log in from a specific subnet?

  2.

    Hi Fernando, you will not be able to accomplish this using the LOCAL database; however, you can if you perform AAA via a CiscoSecure ACS server.