Configuring user attributes, Viewing the username configuration, Configuring attributes for specific users – Cisco ASA 5505 User Manual
Page 1505
67-79
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 67 Configuring Connection Profiles, Group Policies, and Users
Configuring User Attributes
anyconnect ssl rekey {method {ssl | new-tunnel} | time minutes | none}}
By default, re-key is disabled.
Specifying the method as new-tunnel specifies that the AnyConnect client establishes a new tunnel
during SSL re-key. Specifying the method as none disables re-key. Specifying the method as ssl specifies
that SSL renegotiation takes place during re-key. Instead of specifying the method, you can specify the
time; that is, the number of minutes from the start of the session until the re-key takes place, from 1
through 10080 (1 week).
The following example configures the AnyConnect client to renegotiate with SSL during re-key and
configures the re-key to occur 30 minutes after the session begins:
hostname(config-group-webvpn)# anyconnect ssl rekey method ssl
hostname(config-group-webvpn)# anyconnect ssl rekey time 30
hostname(config-group-webvpn)#
Configuring User Attributes
This section describes user attributes and how to configure them. It includes the following sections:
•
Viewing the Username Configuration, page 67-79
•
Configuring Attributes for Specific Users, page 67-79
By default, users inherit all user attributes from the assigned group policy. The ASA also lets you assign
individual attributes at the user level, overriding values in the group policy that applies to that user. For
example, you can specify a group policy giving all users access during business hours, but give a specific
user 24-hour access.
Viewing the Username Configuration
To display the configuration for all usernames, including default values inherited from the group policy,
enter the all keyword with the show running-config username command, as follows:
hostname# show running-config all username
hostname#
This displays the encrypted password and the privilege level. for all users, or, if you supply a username,
for that specific user. If you omit the all keyword, only explicitly configured values appear in this list.
The following example displays the output of this command for the user named testuser:
hostname# show running-config all username testuser
username testuser password 12RsxXQnphyr/I9Z encrypted privilege 15
Configuring Attributes for Specific Users
To configure specific users, you assign a password (or no password) and attributes to a user using the
username command, which enters username mode. Any attributes that you do not specify are inherited
from the group policy.