
Give read-only access to Cisco ASA using TACACS+ through the Cisco Secure ACS (version 5.2) server

aditithanki
Level 1

I would really appreciate any help in this matter.

I want to know how to give read-only access to Cisco devices (network switches, routers and appliances) using TACACS+ through the Cisco Secure ACS server (The TACACS+ server).

In my case, I want to assign read-only access to the Cisco ASA Firewall using TACACS+ through Cisco ACS server. I'm new to this so a complete breakdown would be much appreciated.

Thanks in advance

- Aditi

2 Replies

Richard Burts
Hall of Fame

Aditi

For access to the ASA using the command line this is fairly easy and quite similar to the way you would do it with other Cisco routers or switches. When you log in you are in user mode, which supplies read-only access; you use the enable command to get to privileged mode, and ACS can be configured to differentiate users who should get level 15 access from those who should not.

But accessing the ASA using ASDM is quite different. ASDM defaults to giving a user the capability to use commands at advanced privilege mode. I worked on this issue for a customer and found a solution. We created authorization sets, and one authorization command set contained show commands and a few other things that we wanted restricted users to be able to do. We configured ACS to assign this authorization command set to those users who should be read-only (and we had an authorization command set which contained access to all commands, to be used for users who should have full access). We did this using the 4.2 version of ACS, so the mechanics of what we did would be quite different from what you would need to do with 5.2. But I hope it gives you some insight into how to approach this.

HTH

Rick
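The approach Rick describes, a restricted command set for read-only users and a full one for administrators, comes down to the AAA server answering each command authorization request from the ASA with permit or deny. The following is an added illustration, not code from Cisco ACS or from this thread: it models a command set as an ordered list of permit/deny rules, evaluates a CLI line the way the device presents it (the first token as the command, the rest as its arguments) and denies anything no rule permits. The rule contents, the sample session and the device address in the comment are assumptions made up for the example.

```python
"""Model of TACACS+ command authorization against a command set.

Added example, not Cisco ACS code. On the ASA side the relevant pieces are
(assumed server address 192.0.2.10, server group name TACACS):

    aaa-server TACACS protocol tacacs+
    aaa-server TACACS (inside) host 192.0.2.10
     key <shared-secret>
    aaa authentication ssh console TACACS LOCAL
    aaa authentication http console TACACS LOCAL
    aaa authorization command TACACS LOCAL

With "aaa authorization command" in place, every CLI (and ASDM) command is
sent to the server, which answers permit or deny from the command set bound
to the user's group. The evaluation below assumes the server is configured
to deny commands that match no rule.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One row of a command set: action, command regex, argument regex."""
    action: str      # "permit" or "deny"
    command: str     # regex that must match the whole command keyword
    arguments: str   # regex that must match the whole argument string


# Assumed read-only set: show commands and a few harmless extras.
# The deny row comes first so it wins over the broad "show" permit.
READ_ONLY = [
    Rule("deny", "show", r"running-config.*"),     # keep the config out of view
    Rule("permit", "show", r".*"),
    Rule("permit", r"exit|quit|logout", r""),
    Rule("permit", "ping", r".*"),
    Rule("permit", "traceroute", r".*"),
]

# Assumed full-access set for the administrator group.
FULL = [Rule("permit", r".*", r".*")]


def split_line(line: str) -> Tuple[str, str]:
    """Split a CLI line into the cmd and cmd-arg values the device sends."""
    parts = line.strip().split()
    if not parts:
        return "", ""
    return parts[0], " ".join(parts[1:])


def first_match(command_set: List[Rule], line: str) -> Optional[Rule]:
    """Return the first rule whose command and argument regexes both match."""
    cmd, args = split_line(line)
    if not cmd:
        return None
    for rule in command_set:
        if re.fullmatch(rule.command, cmd) and re.fullmatch(rule.arguments, args):
            return rule
    return None


def authorize(command_set: List[Rule], line: str) -> bool:
    """Deny by default: a line is allowed only if a permit rule matched it."""
    rule = first_match(command_set, line)
    return rule is not None and rule.action == "permit"


def audit(command_set: List[Rule], lines: List[str]) -> List[Tuple[str, bool]]:
    """Evaluate a session transcript and return (line, permitted) pairs."""
    return [(line, authorize(command_set, line)) for line in lines]


if __name__ == "__main__":
    # Constructed sample session, not a real capture.
    SESSION = [
        "show version",
        "show interface ip brief",
        "show running-config",
        "configure terminal",
        "write memory",
        "exit",
    ]
    print("read-only group:")
    for line, ok in audit(READ_ONLY, SESSION):
        print(f"  {'permit' if ok else 'deny  '}  {line}")
    print("admin group:")
    for line, ok in audit(FULL, SESSION):
        print(f"  {'permit' if ok else 'deny  '}  {line}")
```

Two things worth checking before relying on a set like this on a real server: the deny row matches only the literal argument text, so confirm what the ASA actually sends for abbreviated input such as `show run` (a packet capture or the server's authorization log will show it); and keep `LOCAL` as the fallback method only with a local account you control, since it is what lets you in when the TACACS+ server is unreachable.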

Hi All,

I want to know how to give read-only access to a Cisco ASA firewall using TACACS+ through the Cisco Secure ACS server 5.8 (the TACACS+ server).

I have a router, a switch and an ASA firewall in a group, and I am able to get full access to all devices using TACACS+, but I want to create a separate firewall group and user to provide read-only access to the firewall device only.

I want to assign read-only access to the Cisco ASA Firewall using TACACS+ through the Cisco ACS server. I'm new to this so a complete breakdown would be much appreciated.

Will you please help me ?

Thanks in advance. 