in
IEOC CCIE Forums

IEOC - INE's Online Community

Welcome to INE's Online Community - IEOC - a place for CCIE and CCENT candidates to connect, share, and learn. Our Online Community features CCIE forums and discussions for all tracks including Routing & Switching, Voice, Security, Service Provider, Wireless,, and Storage. Through these online communities you can discuss your questions with thousands of your peers, hundreds of CCIE's and INE's own team of world renowned CCIE instructors and authors, Brian Dennis - Quintuple CCIE #2210, Brian McGahan – Triple CCIE #8593, Petr Lapukhov - Quad CCIE #16379, and Mark Snow - Dual CCIE #14073.
Latest post 04-15-2014 6:32 AM by cristian.matei. 1 replies.
Page 1 of 1 (2 items)
Sort Posts: Previous Next
  • 04-09-2014 7:10 PM

    Section 4: Identity Management, ASA Local Authentication

    Section 4: Identity Management

    ASA Local Authentication

     

    It's not clear to my why HTTP-USER would get locked out after 3 but NO-LOCK would not

     

     

    aaa local authentication attempts max-fail 3

    username HTTP-USER password HTTP-PASS privilege 15

    username NO-LOCK password NO-LOCK privilege 15

    • Post Points: 20
  • 04-15-2014 6:32 AM In reply to

    Re: Section 4: Identity Management, ASA Local Authentication

    Hi,

       Both theses users are not affected by the account lock feature, because have privilege-level 15 assigned. If you look at the solution, all users, except NO-LOCK have a privilege-level lower than 15 assigned, the user HTTP-USER requires privilege-level 15 to manage the ASA via ASDM (this is becasue command authorization has been configured).

      So to answer your question, both users are not affected by the policy, but task requirements are satisified as you need to assign priv 15 also to user HTTP-USER.

    Regards,

    Cristian.

    Cristian Matei, CCIE #23684 (SC/R&S)
    cmatei@ine.com


    InternetworkExpert Inc.
    http://www.ine.com
    Online Community: http://www.ieoc.com
    CCIE Blog: http://blog.ine.com

     

    • Post Points: 5
Page 1 of 1 (2 items)
IEOC CCIE Forums Internetwork Expert CCIE Training
About IEOC | Terms of Use | RSS | Privacy Policy
© 2010 Internetwork Expert, Inc. All Rights Reserved