
Not able to go to privilege level using enable password set using ACS

Pranav Mhatre
Level 1

Hello All,

I am not able to go to privilege level using enable password set using ACS 1121 (5.4.0.46).

Please find ASA details -

ASA5580-20
software version - 9.1

LAB-FW/act# show run | i aaa
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 192.168.x.x
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa accounting telnet console TACACS+
aaa accounting ssh console TACACS+
aaa accounting enable console TACACS+
no vpn-addr-assign aaa

I have created Shell profile as well & given privilege 15 to it. Please find snap 1 of same in word doc attached.

However when I try to create service profile I am getting error, please find snap 2 of same in word doc attached.

Kindly share your expertise.

Accepted Solutions

Ivan Gonzalez
Cisco Employee

Hello Pranav,

For the authorization privileges to take effect you need to add the following command to your configuration on the ASA:

aaa authorization exec authentication-server

After adding it, the ASA will take into account the privilege level being sent by the ACS.

Related to the error you are getting on the GUI of the ACS, please make sure you are using a supported browser for ACS 5.4 version based on the release notes:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/release/notes/acs_54_rn.html#pgfId-222016

Note: Please mark it as answered if applicable.
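
The gap described in the answer above can be checked offline against saved `show run | i aaa` output. The following Python check is an added example, not part of the original posts and not a Cisco tool; the names `audit_aaa` and `SAMPLE` are assumptions, and the undefined-group and LOCAL-fallback checks go beyond the specific case in this thread.

```python
import re

# Constructed sample: the AAA lines posted in the question above.
SAMPLE = """\
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host 192.168.x.x
aaa authentication http console TACACS+ LOCAL
aaa authentication telnet console TACACS+ LOCAL
aaa authentication enable console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa accounting telnet console TACACS+
aaa accounting ssh console TACACS+
aaa accounting enable console TACACS+
no vpn-addr-assign aaa
"""

EXEC_AUTHZ = "aaa authorization exec authentication-server"

def audit_aaa(config_text):
    """Return a list of findings for ASA management-access AAA lines."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    groups = {}    # server group name -> protocol
    console = []   # (service, group, has_local_fallback)
    for line in lines:
        m = re.match(r"aaa-server (\S+) protocol (\S+)$", line)
        if m:
            groups[m.group(1)] = m.group(2)
            continue
        m = re.match(r"aaa authentication (\S+) console (\S+)(?: (LOCAL))?$", line)
        if m:
            console.append((m.group(1), m.group(2), m.group(3) is not None))
    has_exec_authz = any(l.startswith(EXEC_AUTHZ) for l in lines)
    findings = []
    # Console services that authenticate against a remote server group.
    remote = [(svc, grp) for svc, grp, _ in console if grp != "LOCAL"]
    for svc, grp in remote:
        if grp not in groups:
            findings.append(f"{svc}: server group {grp!r} is not defined")
    for svc, grp, fallback in console:
        if grp != "LOCAL" and not fallback:
            findings.append(f"{svc}: no LOCAL fallback if {grp!r} is unreachable")
    if remote and not has_exec_authz:
        findings.append(
            f"missing '{EXEC_AUTHZ}': privilege level from the AAA server is not applied")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE):
        print("FINDING:", finding)
```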

Thank you for reply.