
Configuring Authorization ASA 5520

I have an ASA 5520 8.2(5) with ACS 5.1. I made the configuration of authentication and it is working well; now how can I configure the authorization and get into the privileged level 15 mode directly?

Thanks.


Tarik Admani
VIP Alumni

Adrian,

You cannot directly get priv 15 access on the ASA; it will always prompt you for the enable password.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik, how can I correctly configure authorization on the ASA? I made the configuration, and after that I can get into privileged mode with the enable password, but I can't execute any command.

Thanks for the help.

Adrian,

This is a common issue. It may be related to the authorization profile, which doesn't have the command set option visible for you to be able to run any commands.

Please go to your tacacs authorization policy and select the "Customize" button on the bottom right. After seeing the Customize button please see if the "Command Sets" option is moved over from the left to the right. Once you move it over click save.

After that you should see that the command set is set to deny all commands. Make the change to permit and that should resolve this issue.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik, does this configuration have to be made in the ACS? I ask because I have a user enabled as administrator and this user works well with all devices in the network; I only have a problem with the ASA.

Thanks.

Adrian,

What errors are you seeing on the ASA? You will still need to add priv level 15 in the tacacs response. You just can get straight into exec like you can on the IOS devices (with aaa authorization exec...) you will still have to provide the correct enable password.

Thanks

Tarik Admani
*Please rate helpful posts*
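
The ASA side of the setup discussed in this thread, as an added example that is not from the original posts. The server group name `ACS`, the interface `inside`, the address 192.0.2.10 and every `<...>` value are placeholders assumed for illustration.

```text
! Added example. Group name ACS, interface "inside", address 192.0.2.10 and
! the <...> values are placeholders, not taken from the thread.
aaa-server ACS protocol tacacs+
aaa-server ACS (inside) host 192.0.2.10
 key <shared-secret>
!
! Local privilege-15 account, used only when the TACACS+ server is unreachable.
username <fallback-admin> password <local-password> privilege 15
!
! SSH login is checked against ACS first, then LOCAL as fallback.
aaa authentication ssh console ACS LOCAL
! The enable prompt is also checked against ACS, so the user enters a
! password a second time when moving to privileged mode.
aaa authentication enable console ACS LOCAL
!
! Each command is sent to ACS for authorization; the command set attached to
! the matching ACS authorization rule decides permit or deny.
aaa authorization command ACS LOCAL
! Record each command on the ACS for audit.
aaa accounting command ACS
```

Apply `aaa authorization command` last, from a session you keep open, and only after the ACS command set permits commands; with a deny-all command set every command is rejected, which matches the symptom described in the thread.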

I figured out that I need to log in twice on the ASA. Now, to have the authorization working well, I am not sure whether the wrong configuration is in the ASA or in the ACS.

Thanks.