
Can you restrict a user in ASDM to only allow them to log a user out of a VPN session?

fbarnett
Level 1

We support many clients and we have found that many of them are sharing VPN credentials when logging in via AnyConnect/WebVPN. We were thinking about restricting simultaneous logins to 1. I also know that users may have situations where they lock up a session due to ISP or PC issues and won't be able to connect again until that session drops from the ASA. We would like to enable our helpdesk to log in to the ASA via ASDM and be able to log out a user that has an active connection. This would be in the logging area of the ASA where they could highlight a user and click logout. Is it possible to restrict a user to just this and not allow them to make any other changes to the ASA?

2 Replies

fbarnett
Level 1

Correction:

"This would be in the monitoring area of the ASA where they could highlight a user and click logout. Is it possible to restrict a user to just this and not allow them to make any other changes to the ASA?"

You should be able to do that. You would create a new privilege level (i.e. 7) and assign all commands to that level except (this is my guess) the command vpn-sessiondb; you would put that at a lower privilege level (i.e. 6). Here's a write-up that may help point you in the right direction.

http://www.packetpros.com/2012/08/read-only-asdm.html
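
An added example, not part of the thread: a small audit that reads an ASA running-config and lists every reassigned command a helpdesk account can reach beyond `vpn-sessiondb`. The sample config, the `helpdesk` username and the level 6 taken from the reply are assumptions, and the check only sees commands explicitly moved with `privilege` lines, not the platform defaults.

```python
import re

# Constructed sample of ASA running-config lines (not from the thread).
SAMPLE_CONFIG = """\
username admin password PLACEHOLDER encrypted privilege 15
username helpdesk password PLACEHOLDER encrypted privilege 6
aaa authorization command LOCAL
privilege cmd level 6 mode exec command vpn-sessiondb
privilege show level 6 mode exec command vpn-sessiondb
privilege cmd level 5 mode exec command ping
privilege cmd level 7 mode configure command access-list
"""

AUTHZ_LINE = "aaa authorization command LOCAL"
PRIV_RE = re.compile(
    r"^privilege (show|clear|cmd) level (\d+)(?: mode (\S+))? command (.+)$")
USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)$")


def parse(config):
    """Collect local users, reassigned commands and the authorization flag."""
    users, grants, authz = {}, [], False
    for line in map(str.strip, config.splitlines()):
        if line == AUTHZ_LINE:
            authz = True
        elif m := USER_RE.match(line):
            users[m.group(1)] = int(m.group(2))
        elif m := PRIV_RE.match(line):
            grants.append((m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return users, grants, authz


def audit(config, user, allowed):
    """List reassigned commands `user` can reach that are not in `allowed`."""
    users, grants, authz = parse(config)
    findings = [] if authz else [f"'{AUTHZ_LINE}' is not configured"]
    if user not in users:
        return findings + [f"user {user!r} not found"]
    level = users[user]
    for form, cmd_level, mode, cmd in grants:
        # A user can run any command placed at or below their own level.
        if cmd_level <= level and cmd not in allowed:
            findings.append(f"{form} {cmd} (level {cmd_level}, mode "
                            f"{mode or 'unspecified'}) reachable at level {level}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "helpdesk", {"vpn-sessiondb"}):
        print(finding)
```

On the constructed sample this flags `ping`, which sits at level 5 and is therefore reachable from the level 6 helpdesk account.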
