02-14-2007 11:14 AM
Hello all, I hope I can relay this problem clearly, as it is confusing me!
I have a command authorization set on my ACS that allows my junior admins to log in to a PIX through ASDM. One command in this set is "write net", which seems necessary in order for ASDM to get and display the configuration from the PIX. I don't want my junior admins to have access to this command, but if I remove it from the command authorization set, ASDM will not start up upon a junior admin logging in. I check my failed attempts log and see that the write net command is unrecognized after this command is removed.
Why is the write net command issued upon login for authentication? Why does ASDM need this command? Is there a way around this?
02-15-2007 04:23 AM
Hi,
This is a known bug in PIX running 7.0.4 and earlier.
You will need to permit write net in the shell command set or upgrade to 7.1 or above.
Regards,
Vivek
02-15-2007 06:14 AM
Thank you! I really didn't want to allow that command to my junior people.
02-15-2007 06:35 AM
Ah, I just checked and my PIX is running 7.2.2 and ASDM is at 5.2.2. Should I try the 7.2.2(10) interim release?
Thanks,
Glen
04-25-2007 01:35 AM
Hi Glen, did you manage to find a cure for this problem? I have the exact same issue running 5.2.2 and 7.2.1.
Thanks
Neil
04-25-2007 05:11 AM
Actually, no. I have not done any further testing on this either. Maybe a revision will fix this issue.
Glen
04-25-2007 09:48 AM
Hi, I want to know what the current status is for using ASDM on a PIX firewall.