07-31-2008 01:44 AM - edited 03-11-2019 06:23 AM
I have 2 ASA's where I have to create a read-only account for an user to monitor sessions on the ASAs. The read-only account should only have permission to use ASDM and click on the Monitor tab? I donot use an AAA server at present. How can I do it? Helpful posts will be rated. Thanks in Advance.
07-31-2008 02:22 AM
Have a look at this:
http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/devaccss.html#wp1218050
I'm assuming this works via the privilege command and no external AAA servers are required.
Regards
Farrukh
08-01-2008 12:26 AM
Thanks. I have rated the reply.
08-01-2008 02:01 AM
Thanks, let me know how it goes.
Regards
Farrukh
08-12-2008 04:37 AM
User complained that he is having the following error "You donot have sufficient priviliges to execute commands required to load ASDM. Please contact your System Administrator." on one ASA and looks like it works on other ASA. What might be the problem.
Thanks in Advance
08-12-2008 02:20 PM
Hi,
Can you post the configuration changes that you made to try to get this working? You should only need to create a privilege level 5 user and configure ASDM to use the local user database:
ASA(config)# username user1 password password123 priv 5
ASA(config)# aaa authentication http console LOCAL
-Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide