06-24-2010 09:07 AM - edited 03-11-2019 11:03 AM
Can you disable all of ASDM except for the Monitoring piece? I keep trying to find information on this but am not able to locate it if it is possible at all. Any assistance on this would be greatly appreciated.
Thanks,
Kimberly
Solved! Go to Solution.
06-24-2010 10:35 AM
ASDM is using commands to pull information and configure the ASA. So the users and their levels that apply to the ASA are the same for CLI and A
SDM. In other words priv 3, 5 and 15 segmentation is enforced with command authorization to make ASDM be able to view configs, monitor or configure. And the same privileges will hold for the same users when they try to use CL:I.
I hope it makes sense.
PK
06-24-2010 09:36 AM
You can use users of priv level 3. These guys can only use the monitoring functions.
Level 5 can view config but not change it, also and 15 can configure.
I hope it helps.
PK
06-24-2010 10:20 AM
PK,
Thank you for your response. I am looking for something a little more specific. We are working on deploying TACACS for CLI access to our 5540s, but when ASDM is launched, is there a way to only allow priv 3 or priv 5 for just that application but not affect CLI?
Thanks,
Kimberly
06-24-2010 10:35 AM
ASDM is using commands to pull information and configure the ASA. So the users and their levels that apply to the ASA are the same for CLI and A
SDM. In other words priv 3, 5 and 15 segmentation is enforced with command authorization to make ASDM be able to view configs, monitor or configure. And the same privileges will hold for the same users when they try to use CL:I.
I hope it makes sense.
PK
06-24-2010 12:13 PM
PK,
Thanks again for your assistance with this. +5 for being helpful!
Kimberly
06-24-2010 01:00 PM
Glad it makes sense
Regards,
PK
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: