Re: OT: ASA virtual context access from Radioactive Frog on 2010-05-04 (Ccielab archives 05/2010)

From: Radioactive Frog <pbhatkoti_at_gmail.com>
Date: Wed, 5 May 2010 10:13:33 +1000

Thanks everyone who've responded!

Brandon, You were spot on -Thanks.
It works perfectly.

Had the following issue but got all options after activating crypto in
Virtual Context.

The command is not available in the user/cust context SSH

ASA01/CUST10# ssh ?

disconnect Specify SSH session id to be disconnected after this keyword
ASA01/CUST10# ssh

On Wed, May 5, 2010 at 9:57 AM, Brandon Carroll <bcarroll_at_ipexpert.com>wrote:

> So the question is how do you want them to manage the context? ASDM? SSH?
> The answer is Yes, a user can be given access to just one context for
> management purposes. Inside that context create a username and password, or
> go to aaa if thats whats happening already, and then use http or ssh
> commands to all access from wherever that user is.
>
> So here is the breakdown assuming you already have a context: (This is done
> inside the context so you need to have it addressed and reachable by the
> user.)
>
> First go into the context:
>
> ASA(config)#changeto context user
> ASuser(config)#
>
>
> Then do one of the following:
>
> domain-name mydomain.com
> cry key gen rsa gen mod 1024 (or something to that effect.)
>
> username user pass lockedin
>
> ssh 10.1.1.100 255.255.255.255 inside
> aaa authentication ssh console local
>
>
> or:
>
> username user pass lockedin
>
> http server enable
> http 10.1.1.100 255.255.255.255 inside
> aaa authentication http console local
>
>
> HTH.
>
>
> Regards,
>
> Brandon Carroll - CCIE #23837
> Senior Technical Instructor - IPexpert
> Mailto: bcarroll_at_ipexpert.com
> Telephone: +1.810.326.1444
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
>
>
> On May 4, 2010, at 4:41 PM, Radioactive Frog wrote:
>
> > Guys,
> > Is there a way we can give access to a articular ASA virtual context to a
> > user?
> > e.g. user should be able to manage only one Virtual context.
> >
> > ASA version 8.x
> >
> > frog
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Wed May 05 2010 - 10:13:33 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:52 ART