2559 Views, 0 Helpful, 17 Replies

Local user for editing access-lists

idealo.de
Level 1

Good Morning,

 

Not sure if this is the right community....anyway....

 

We are looking for a possibility to allow our User Helpdesk to modify access-lists on our Cisco ASA based client VPN. I'm wondering if it is possible to add a local user to the ASA who is allowed to enter configuration mode but can only execute commands like 'access-list ...'.

 

I already managed to set the privilege level so that the user can enter configuration mode and only see the access-list command but unfortunately he is not allowed to execute the command.

Any hint is appreciated.

 

Thank you.

------

asa-tst-rts# sh access-list
access-list Default; 10 elements; name hash: 0x2b24c7de
access-list Default line 1 remark ???
access-list Default line 2 standard permit host ???? (hitcnt=0) 0xe63fe3f9
access-list Default line 3 remark ???
access-list Default line 4 standard permit host ??? (hitcnt=0) 0x2f379ee1
[...]

asa-tst-rts# conf t

asa-tst-rts(config)# ?

  access-list  Configure an access control element
  clear        Clear
  configure    Configure using various methods
  end          Exit from configure mode
  exit         Exit from config mode
  logout       Logoff from config mode
  no           Negate a command or set its defaults
  quit         Exit from config mode
asa-tst-rts(config)# access-list ?

configure mode commands/options:
  WORD < 241 char  Access list identifier
asa-tst-rts(config)# access-list Default ?
ERROR: % Unrecognized command
asa-tst-rts(config)# access-list Default
ERROR: % Incomplete command
asa-tst-rts(config)#

 

17 Replies

There is also a bug for this: CSCuq44875

Even though it says it has been fixed on version 9.4(1) which is the version I'm using, I still found the bug, well on the ASAv.

You're right...looks like it isn't fixed in 9.4(1).

Is there a way to re-open the bug or how can we make sure that it gets fixed in the next release?

 

Bug CSCuq44875.

According to the release notes this one is still not fixed in version 9.1.7 released on January 18th. Can someone please let me know when we can expect a fix for this issue?

Thank you.
