Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
829
Views
0
Helpful
6
Replies

ASDM and command authorization

holepunch
Beginner
Beginner

‎02-14-2007 11:14 AM

Hello all, I hope I can relay this problem clearly, as it is confusing me!

I have a command authorization set on my ACS that allows my junior admins to login to a pix through ASDM. One command in this set is "write net" which seems necessary in order for ASDM to get and display the configuration from the pix. I don't want my junior admins to have access to this command, but, if I remove it from the command authorization set, ASDM will not startup upon a junior admin logging in. I check my failed attempts log and see that the write net command is unrecognized after this command is removed.

Why is the write net command issued upon login for authentication? Why does ASDM need this command? Is there a way around this.

Labels:
0 Helpful
6 Replies 6

Vivek Santuka
Cisco Employee
Cisco Employee

‎02-15-2007 04:23 AM

Hi,

This is a known bug in PIX running 7.0.4 and earlier.

You will need to permit write net in the shell command set or upgrade to 7.1 or above.

Regards,

Vivek

0 Helpful