cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2631
Views
0
Helpful
17
Replies

Local user for editing access-lists

idealo.de
Level 1
Level 1

Good Morning,

 

not sure if this is the right commnunity....anyway....

 

We are looking for a possibility to allow our User Helpdesk to modify access-lists on our Cisco ASA based client VPN. I'm wondering if it is possible to add a local user to the ASA who is allowed to enter configuration mode but can only execute commands like 'access-list ...'.

 

I already managed to set the privilege level so that the user can enter configuration mode and only see the access-list command but unfortunately he is not allowed to execute the command.

Any hint is appreciated.

 

Thank you.

------

asa-tst-rts# sh access-list
access-list Default; 10 elements; name hash: 0x2b24c7de
access-list Default line 1 remark ???
access-list Default line 2 standard permit host ???? (hitcnt=0) 0xe63fe3f9
access-list Default line 3 remark ???
access-list Default line 4 standard permit host ??? (hitcnt=0) 0x2f379ee1
[...]

asa-tst-rts# conf t

asa-tst-rts(config)# ?

  access-list  Configure an access control element
  clear        Clear
  configure    Configure using various methods
  end          Exit from configure mode
  exit         Exit from config mode
  logout       Logoff from config mode
  no           Negate a command or set its defaults
  quit         Exit from config mode
asa-tst-rts(config)# access-list ?

configure mode commands/options:
  WORD < 241 char  Access list identifier
asa-tst-rts(config)# access-list Default ?
ERROR: % Unrecognized command
asa-tst-rts(config)# access-list Default
ERROR: % Incomplete command
asa-tst-rts(config)#

 

17 Replies 17

There is also a bug for this: CSCuq44875

Even though it says it has been fixed on version 9.4(1) which is the version I'm using, I still found the bug, well on the ASAv.

You're right...looks like it isn't fixed in 9.4(1).

Is there a way to re-open the bug or how can we make sure that it gets fixed in the next release?

 

Bug CSCuq44875.

According to the release notes this one is still not fixed in version 9.1.7 release on January 18th. Can someone please let me know when we can expect a fix for this issue?

Thank you.

Review Cisco Networking for a $25 gift card