Configuring Authorization ASA 5520

I have an ASA 5520 8.2(5) with ACS 5.1. I made the configuration of authentication and it is working well. Now how can I configure authorization and get into privileged level 15 mode directly?

Thanks.

Tarik Admani
Advocate

Adrian,

You cannot directly get priv 15 access on the ASA; it will always prompt you for the enable password.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik, how can I configure authorization correctly on the ASA? After I made the configuration I can get into privileged mode with the enable password, but I can't execute any command.

Thanks for the help.

Adrian,

This is a common issue; it may be related to the authorization profile, which doesn't have the command set option visible for you to be able to run any commands.

Please go to your tacacs authorization policy and select the "Customize" button on the bottom right. After seeing the Customize button please see if the "Command Sets" option is moved over from the left to the right. Once you move it over click save.

After that you should see that the command set is set to deny all commands, make the change to permit and that should resolve this issue.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik, does this configuration have to be made in the ACS? I have a user enabled as administrator and this user works well with all devices in the network; I only have a problem with the ASA.

Thanks.

Adrian,

What errors are you seeing on the ASA? You will still need to add priv level 15 in the tacacs response. You just can get straight into exec like you can on the IOS devices (with aaa authorization exec...) you will still have to provide the correct enable password.

Thanks

Tarik Admani
*Please rate helpful posts*

I figured out that I need to log in twice on the ASA. Now, to have authorization working well, I am not sure whether the wrong configuration is in the ASA or in the ACS.

Thanks.
