
Restrict ASDM access via AAA server

steking
Level 1

I cannot seem to restrict a user's access to the monitor tab or to read-only access. I have been told it can be done. Help!

PIX 7.0(2) - ASDM 5.0(2)

3 Replies

mheusinger
Level 10

Hello,

In the ASDM you should find the settings under

Configuration > Features > Device Administration > Administration > AAA Access > Authorization Tab

Authorization lets you control access per user after you authenticate with a valid username and password. You can configure the security appliance to authorize management commands. Authorization lets you control which services and commands are available to an individual user. Authentication alone provides the same access to services for all authenticated users.

When you enable command authorization, you have the option of manually assigning privilege levels to individual commands or groups of commands (using the Advanced... button) or enabling the Predefined User Account Privileges (using the Restore Predefined User Account Privileges button).

The Predefined User Account Privileges Setup panel displays a list of commands and privileges ASDM issues to the security appliance if you click Yes. Yes allows ASDM to support the three privilege levels: Admin, Read Only and Monitor Only.

The complete explanation can be found in "ASDM Online Help, Release 5.0" at http://www.cisco.com/application/pdf/en/us/guest/products/ps6121/c1225/ccmigration_09186a008045786c.pdf

Hope this helps! Please rate all posts.

Regards, Martin

Yes, I can see how this is done if I am doing LOCAL authentication, but if I am authenticating through an AAA server I have to set the authorization on the AAA server and it doesn't seem to work. I am using a Cisco ACS TACACS+ server.

Oh, sorry I have overlooked your request for ACS.

The description on how to set up command authorization with ACS is found at

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080450d39.html#wp1042041

In your case the description on how to configure the ACS with examples is at "Configuring Commands on the TACACS+ Server" at

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a0080450d39.html#wp1042043

Hope this helps! Please rate all posts.

Regards, Martin