04-20-2010 06:37 AM - edited 03-10-2019 05:04 PM
We recently upgraded our ASAs from 7.x to 8.x code. When we did this, the members of our designated "HelpDesk" group in ACS were no longer able to login to ASDM or use Telnet/SSH. I see entries in the ACS failed attempts around NAR but cannot figure out what I'm missing. We do use a NAR to limit their commands to only show, ping, traceroute, etc. Has anyone else ran into this? Is there something additional that needs done in the ASA code?
Message type -- Authen failed
Failure code -- User Access Filtered
Details -- Access Filter CardLog HelpDesk from Cardlog HelpDesk did not permit any criteria. This is sufficient to reject an 'All Selected' SPC NAR config.
04-20-2010 10:03 AM
Are you using a NAR to restrict commands, or a shell command set?
04-20-2010 10:14 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: