01-20-2017 07:45 AM
Hello All,
I have created privilege level 5 as read-only access for a user. I want to enable "show crypto ipsec sa peer [IP address]". Currently my statement is "privilege show level 5 mode exec command"; however, I am able to execute only "show crypto ipsec" and not the complete relevant command. Please advise what changes I need to make in order for the complete command to work.
01-20-2017 08:48 AM
Instead of using the legacy privileges, I would configure it with Role-Based Access Control (RBAC). With that you have much more control over what you want to allow.
01-20-2017 09:14 AM
Hello Karsten,
I am using a Cisco ASA 5585X. It looks like Role-Based Access Control commands are not supported on my platform.
We generally use TACACS to manage users; however, this device is not under TACACS and we had to go the old style. I would appreciate it if you could help me modify my existing command to execute show crypto ipsec sa peer [IP].
Best Regards,
Jay Joshi
03-17-2017 06:20 AM
Hello,
This issue is resolved. I did not enable command authorization on my firewall and hence had issues.
http://www.cisco.com/c/en/us/td/docs/security/asdm/6_2/user/guide/asdmconfig/mgt_acc.html#wp1581382
Regards,
Jay Joshi
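The resolution above, sketched as an ASA configuration fragment. This is an added example, not configuration posted by anyone in the thread. The user name, the password placeholder and the `crypto` command keyword are assumptions; the thread's own privilege statement is cut off before the command name.

```text
! Constructed example for a Cisco ASA. User name and password are placeholders.
username rouser password <PLACEHOLDER> privilege 5

! Keep a level 15 local account before turning on command authorization,
! otherwise nobody is left who can change the configuration.
username admin password <PLACEHOLDER> privilege 15

! Authenticate SSH sessions and the enable prompt against the local database,
! so each user gets the privilege level assigned to their own account.
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL

! Move the show form of the command to level 5 (assumed keyword: crypto).
privilege show level 5 mode exec command crypto

! The step the thread identifies as missing: enable local command authorization.
aaa authorization command LOCAL

! Checks to run while logged in as the level 5 user:
!   show curpriv
!   show crypto ipsec sa peer <peer IP>
```

Test with the restricted account in a second session while the level 15 session stays open, so a mistake in the privilege statements can be corrected without a lockout.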