Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
291
Views
0
Helpful
1
Replies

Is it possible to limit access to only the SHOW XLATE cmd on a PIX?

dlac455
Level 1
Level 1

‎09-05-2003 07:18 AM - edited ‎02-20-2020 10:58 PM

Is it possible to limit a user's access to only the "show xlate" command on a PIX?

The purpose is:

An expect script to capture the user's global addresses if needed for later forensic evidence. The capture would be done on time period that coincides with the xlate timeout.

The expect script will need an account, but I would like to limit it's privilege level if possible. Does anyone have any suggestions?

0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎09-05-2003 07:55 AM

Should be able to. With a fairly recent pix os, you can use privilege levels. You would want to make the enable and show xlate commands a mid tier level, and create a special user account, and assign it that level

here is a link to the privilege command reference

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#42402

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card