
ASA5520 for limited operators

dimaonline
Level 1

Hi

I need limited access to a Cisco ASA 5520 for some operators. These operators can switch the VPN policy on/off ONLY.

I granted "privilege cmd level 3 mode group-policy command vpn-tunnel-protocol", "privilege cmd level 3 mode exec command configure" and "privilege cmd level 3 mode exec command write".

But I receive an error on the "write memory" command:

write memory

Building configuration...

Error executing command

[FAILED]


Why?

PS: write terminal WORKS.

8 Replies

Tarik Admani
VIP Alumni

Hi,

Can you paste the output for the following:

"show run privilege command write"

Thanks,

Tarik Admani

# show run privilege command write

privilege cmd level 3 mode exec command write

#

What version is your ASA on?

thanks

Tarik Admani

Cisco Adaptive Security Appliance Software Version 8.2(5)13

Device Manager Version 6.4(7)

I checked the bug toolkit and didn't see a match for this error; it's clearly configured correctly from what I can tell. I would suggest opening a TAC case to see if there are any internal bugs that may not have been made public yet. Do you have another ASA that is running a different version experiencing the same issue?

Thanks

Tarik Admani

I have a second ASA, but it has the same version.
I don't have SmartNet for opening a TAC case.

I think the problem is in access to flash for level 3.

Hi Bro

Yes, your assumption is correct. WRITE MEMORY COMMAND can only be executed by usernames with privilege 15 ONLY. I did a simple test just for you in my lab, as shown below:


username ramraj password xBXQhLMSw3EzEgAY encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 7


privilege cmd level 7 command write

aaa authentication serial console LOCAL
aaa authorization command LOCAL
aaa authentication enable console LOCAL


Username: cisco
Password: *****
Type help or '?' for a list of available commands.


FW1> enable
Password: *****

FW1# write memory
Building configuration...
Error executing command
[FAILED]

FW1# show curpriv

Username : cisco

Current privilege level : 7

Current Mode/s : P_PRIV

Warm regards,
Ramraj Sivagnanam Sivajanam

hhoujou
Level 1

You must also change the copy command.

Example:

privilege cmd level 3 mode exec command copy
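
Added example, not part of the thread and not Cisco tooling: a small Python audit that parses the two `privilege cmd` line forms posted above and reports, per level, the points raised in the replies (`write` delegated without `copy`, and whether `aaa authorization command LOCAL` from the lab config is present). The sample config is constructed from lines in the thread, the function names are hypothetical, and the check for command authorization assumes local privilege levels are only enforced when it is enabled.

```python
import re
from collections import defaultdict

# Matches both forms seen in the thread:
#   privilege cmd level 3 mode exec command write
#   privilege cmd level 7 command write
PRIV_RE = re.compile(
    r"^privilege\s+(?P<kind>show|clear|cmd)\s+level\s+(?P<level>\d+)"
    r"(?:\s+mode\s+(?P<mode>\S+))?\s+command\s+(?P<command>\S+)\s*$"
)

# Constructed sample built from lines posted in the thread (password elided).
SAMPLE_CONFIG = """\
username cisco password <redacted> encrypted privilege 7
privilege cmd level 3 mode group-policy command vpn-tunnel-protocol
privilege cmd level 3 mode exec command configure
privilege cmd level 3 mode exec command write
privilege cmd level 7 command write
aaa authorization command LOCAL
"""

def parse_privileges(config_text):
    """Return {level: {(mode, command), ...}} for every 'privilege cmd' line."""
    levels = defaultdict(set)
    for line in config_text.splitlines():
        m = PRIV_RE.match(line.strip())
        if m and m.group("kind") == "cmd":
            mode = m.group("mode") or "any"  # no 'mode' keyword on the line
            levels[int(m.group("level"))].add((mode, m.group("command")))
    return dict(levels)

def audit(config_text):
    """List review findings for delegated (below level 15) operator commands."""
    findings = []
    levels = parse_privileges(config_text)
    # Assumption: custom levels need local command authorization to take effect.
    if levels and "aaa authorization command LOCAL" not in config_text:
        findings.append("privilege lines present, 'aaa authorization command LOCAL' missing")
    for level, cmds in sorted(levels.items()):
        names = {command for _, command in cmds}
        if level < 15 and "write" in names and "copy" not in names:
            findings.append(f"level {level}: 'write' delegated without 'copy'")
        if level < 15 and "configure" in names:
            findings.append(f"level {level}: can enter configuration mode")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
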