ASA Local Authentication


It's not clear to me why HTTP-USER would get locked out after 3 but NO-LOCK would not.



aaa local authentication attempts max-fail 3

username HTTP-USER password HTTP-PASS privilege 15

username NO-LOCK password NO-LOCK privilege 15


  • Hi,

       Both of these users are not affected by the account lock feature, because they have privilege-level 15 assigned. If you look at the solution, all users except NO-LOCK have a privilege-level lower than 15 assigned; the user HTTP-USER requires privilege-level 15 to manage the ASA via ASDM (this is because command authorization has been configured).

      So to answer your question, both users are not affected by the policy, but task requirements are satisfied as you need to assign priv 15 also to user HTTP-USER.
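
To check a saved configuration for the accounts this exemption leaves outside the lockout policy, here is an added example (not part of the original thread and not Cisco code) that applies the rule stated in the answer above. The `OPERATOR` user is a constructed contrast case, and the default privilege of 2 for a `username` line with no `privilege` keyword is an assumption.

```python
import re

# Constructed sample: the three lines from the question plus one
# hypothetical lower-privilege user (OPERATOR) for contrast.
SAMPLE_CONFIG = """\
aaa local authentication attempts max-fail 3
username HTTP-USER password HTTP-PASS privilege 15
username NO-LOCK password NO-LOCK privilege 15
username OPERATOR password OPER-PASS privilege 5
"""

MAX_FAIL_RE = re.compile(r"^aaa local authentication attempts max-fail (\d+)\s*$")
USER_RE = re.compile(r"^username (\S+) (?:password \S+|nopassword)(.*)$")
PRIV_RE = re.compile(r"\bprivilege (\d+)\b")

DEFAULT_PRIVILEGE = 2   # assumption: level used when "privilege" is omitted
EXEMPT_PRIVILEGE = 15   # per the answer: priv 15 is not affected by max-fail


def audit_lockout(config_text):
    """Return (max_fail, {user: (privilege, status)}) for local accounts."""
    max_fail = None
    users = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = MAX_FAIL_RE.match(line)
        if m:
            max_fail = int(m.group(1))
            continue
        m = USER_RE.match(line)  # skips "username X attributes" sub-mode lines
        if m:
            p = PRIV_RE.search(m.group(2))
            users[m.group(1)] = int(p.group(1)) if p else DEFAULT_PRIVILEGE
    report = {}
    for name, priv in users.items():
        if max_fail is None:
            status = "no-lockout-policy"
        elif priv >= EXEMPT_PRIVILEGE:
            status = "exempt"  # unlimited password guesses against this account
        else:
            status = "locks-after-%d" % max_fail
        report[name] = (priv, status)
    return max_fail, report


if __name__ == "__main__":
    limit, result = audit_lockout(SAMPLE_CONFIG)
    for user, (priv, status) in sorted(result.items()):
        print("%-10s priv=%-2d %s" % (user, priv, status))
```

Accounts reported as `exempt` get no protection from `max-fail`, so they are the ones to cover with strong passwords and restricted management access.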



