1.4.3.2 Ensure 'aaa authentication http console' is configured correctly

Information

Authenticates ASDM users who access the security appliance over HTTP

Rationale:

By default, the enable password is used in combination with no username for http access. The aaa command is used to define the TACACS+/RADIUS authentication method. The local database can be mentioned as backup method to this primary method, failing that the ASDM will use the default administrator username and enabled password for authentication.

Solution

Configure the aaa authentication for http using the TACACS+ server-group as primary method and the local database as backup method.

HOSTNAME(CONFIG)#AAA AUTHENTICATION HTTP CONSOLE _<server-group_name_> LOCAL

See Also

https://workbench.cisecurity.org/files/1903

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-2(9), CSCv7|4.3

Plugin: Cisco

Control ID: d4ff0da66b55a79e92e087366607db460a79d51af34557a7f6b8b1a6371c2302