06-13-2018 04:55 PM
Hello everyone,
I am trying to create a read-only authorization policy for firewalls for a particular team in ISE 2.4, but I am unable to do it efficiently. I have configured the shell profile for the team to have a default privilege of 1 and a max of 7. But for some reason, whenever they log into the ASA, they say their 'login' password works fine, but their 'enable' password isn't working; as a result, they are unable to get a privilege level of 7. I have tried enabling/disabling the 'enable' password but it's still of no avail. So can someone help me out on this?
Regards.
Abhijit
06-13-2018 05:53 PM
ASA has no option for "enable" so its "enable" is actually "enable 15". Thus, please set the default privilege to 7.
06-14-2018 04:51 AM
In my opinion the best way to do any sort of user levels on devices is to do command authorization. The ASA allows you to send users to priv 15 just like any other Cisco product. Send all users to priv 15 and do command authorization to create whatever class of users you want. If they are using ASDM you need to allow “write net” so the config can be sent into ASDM.
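
The command-authorization approach from the last reply, sketched as ASA-side configuration. This is an added example, not part of any post in the thread; the server-group name ISE-TACACS, the interface name inside, the address 192.0.2.10 and the key are placeholders.

```text
! Added example. ISE-TACACS, inside, 192.0.2.10 and <shared-secret> are placeholders.
aaa-server ISE-TACACS protocol tacacs+
aaa-server ISE-TACACS (inside) host 192.0.2.10
 key <shared-secret>
!
! Authenticate SSH logins and the enable prompt against ISE.
! LOCAL is the fallback used when the TACACS+ server is unreachable.
aaa authentication ssh console ISE-TACACS LOCAL
aaa authentication enable console ISE-TACACS LOCAL
!
! Request exec (shell) authorization from the same server at login.
aaa authorization exec authentication-server
!
! Send each command the user types to ISE for a permit/deny decision.
! Keep the LOCAL fallback, and confirm a local administrative account
! exists before enabling this line, or an ISE outage locks everyone out.
aaa authorization command ISE-TACACS LOCAL
!
! Log every command to ISE so read-only sessions can be audited.
aaa accounting command ISE-TACACS
!
! ISE side (configured in the ISE UI, described here as comments):
!   - Shell profile for the team: privilege 15, as the reply suggests.
!   - Command set for the read-only team: permit "show" and deny
!     everything that is not listed.
!   - If the team uses ASDM, also permit "write net", per the reply above.
```

With this layout the privilege level no longer defines the read-only role; the ISE command set does, so adding another class of user means adding a command set rather than changing privilege levels on the firewall.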