Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1596
Views
0
Helpful
8
Replies

ASA5520 for limited operators

dimaonline
Level 1
Level 1

‎07-09-2012 03:24 AM - edited ‎03-10-2019 07:16 PM

Hi

I need limited access to cisco ASA 5520 for same operators. This operators can switch on/off vpn policy ONLY

I grant "privilege cmd level 3 mode group-policy command vpn-tunnel-protocol","privilege cmd level 3 mode exec command configure" and "privilege cmd level 3 mode exec command write"

But I receive error on "write memory" command:

write memory

Building configuration...

Error executing command

[FAILED]


Why?

PS: write terminal WORK.

Labels:
0 Helpful
8 Replies 8

Tarik Admani
VIP Alumni
VIP Alumni

‎07-10-2012 12:30 AM

Hi,

can you paste the ouput for the following:

"show run privilege command write"

Thanks,

Tarik Admani

0 Helpful

dimaonline
Level 1
Level 1
In response to Tarik Admani

‎07-10-2012 06:54 AM

# show run privilege command write

privilege cmd level 3 mode exec command write

#

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to dimaonline

‎07-10-2012 09:12 AM

What version is your ASA on?

thanks

Tarik Admani

0 Helpful

dimaonline
Level 1
Level 1
In response to Tarik Admani

‎07-10-2012 09:45 PM

Cisco Adaptive Security Appliance Software Version 8.2(5)13

Device Manager Version 6.4(7)

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to dimaonline

‎07-10-2012 10:12 PM

I checked the bug toolkit and didnt see a match for this error, its clearly configured correctly from what I can tell. I would suggest opening a TAC case to see if there are any internal bugs that may not have been public yet. Do you have another ASA that is running a different version experiencing the same issue?

Thanks

Tarik Admani

0 Helpful

dimaonline
Level 1
Level 1
In response to Tarik Admani

‎07-10-2012 10:33 PM

I have second ASA but it have same version.
I haven't smartnet for opening TAC.

I think a problem in access to flash for level 3

0 Helpful

Ramraj Sivagnanam Sivajanam
Level 4
Level 4
In response to dimaonline

‎07-15-2012 11:54 PM

Hi Bro

Yes, your assumption is correct. WRITE MEMORY COMMAND can only be executed by usernames with privilege 15 ONLY. I did a simple test just for you in my lab, as shown below;


username ramraj password xBXQhLMSw3EzEgAY encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 7


privilege cmd level 7 command write

aaa authentication serial console LOCAL
aaa authorization command LOCAL
aaa authentication enable console LOCAL


Username: cisco
Password: *****
Type help or '?' for a list of available commands.


FW1> enable
Password: *****

FW1# write memory
Building configuration...
Error executing command
[FAILED]

FW1# show curpriv

Username : cisco

Current privilege level : 7

Current Mode/s : P_PRIV

Warm regards,
Ramraj Sivagnanam Sivajanam
0 Helpful

hhoujou
Level 1
Level 1

‎09-14-2015 04:20 AM

you must also change copy command

exp.

privilege cmd level 3 mode exec command copy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents