Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
140
Views
0
Helpful
1
Replies

ASA Exclusive Configuration Change Access

jmmccarty70
Beginner
Beginner

‎01-20-2016 11:41 AM - edited ‎03-12-2019 12:10 AM

I am working with a group that has multiple people managing a group of ASA's. Is there an ASA equivalent to the IOS configuration mode exclusive command? To make it so only one person at a time can be in configuration mode?

Thanks!

 -John

Labels:
0 Helpful
1 Reply 1

Philip D'Ath
VIP Alumni
VIP Alumni

‎01-20-2016 03:53 PM

Didn't know about that IOS command, very interesting!

I am not aware of any such command on the ASA.

Some other more painful options:

  • I have a client that doesn't let anyone know the whole enable password, only half of it.  So to make a change you have to get two people who know a different half of the enable password to make a change.  In your case, the change approver could be the only person who knows the second half, and then there is one person who knows who is in enable mode at any one time.
  • Use TACACS+ with a OTP (one time password), and only let the person who approves the changes control the OTP.  Google Authenticator is free and can be used with the free TACACS server.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents