An ASA5550 will need to be configured to use TACACS AAA. Currently, the ASA is set up for local authentication, with a couple of privilege 15 admin users and a few more privilege 5 read-only users.
running ASA 8.2(2)
using ASDM 6.3(5)
authenticating to ACS 4.2
The admin users and read-only users already have established TACACS usernames and are in established TACACS user groups for logging into routers/switches.
What's the best way to implement configuration of the ASA and ACS server to maintain the same type of restrictions that are applied using the local database?
1. Try to avoid the creation of a second TACACS username for the admin and read-only users.
2. ACS allows restrictions on what devices can be accessed by users/groups. Is it possible to do the reverse? Restrict what usernames can access a device in the ACS database.
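For reference, here is the ASA-side configuration that the question above is working towards. This is an added example, not configuration from the original post: the server group tag ACS-TACACS, the interface name, the host address 192.0.2.10 and the shared secret are placeholders, and it assumes an ASA release (8.2(2) here) that already supports exec authorization from the authentication server.

```text
! Added example (not from the original post): ASA 8.2 management-plane AAA
! against an ACS 4.2 TACACS+ server. Group tag, interface, address and key
! are placeholders.

! Define the TACACS+ server group and one ACS host
aaa-server ACS-TACACS protocol tacacs+
aaa-server ACS-TACACS (inside) host 192.0.2.10
 key <shared-secret-placeholder>
 timeout 5

! Authenticate every management path against ACS, falling back to the
! existing local accounts only when no ACS server can be reached
aaa authentication ssh console ACS-TACACS LOCAL
aaa authentication serial console ACS-TACACS LOCAL
aaa authentication http console ACS-TACACS LOCAL
aaa authentication enable console ACS-TACACS LOCAL

! Take the privilege level (priv-lvl) from the ACS user/group rather than
! the local database, so the existing TACACS accounts carry level 15 or 5
! on the ASA as well, without a second username
aaa authorization exec authentication-server

! Have ACS authorize each command; LOCAL fallback keeps the local admins
! usable while ACS is unreachable
aaa authorization command ACS-TACACS LOCAL

! Record logins and commands on ACS for audit
aaa accounting ssh console ACS-TACACS
aaa accounting serial console ACS-TACACS
aaa accounting enable console ACS-TACACS
aaa accounting command ACS-TACACS
```

Two points to check before cutting over. First, keep the LOCAL fallback and the existing local privilege 15 accounts in place, and verify an SSH login with a TACACS account from a second session before closing the session you configured from; with `aaa authorization command` pointed at ACS, the read-only behaviour of the privilege 5 users comes from what their ACS group is permitted to run (its shell command authorization set), not from the ASA's local `privilege` mappings, so test a show command and a configure command from a read-only account. Second, on the ACS side the per-group or per-user Network Access Restrictions are the mechanism for item 2: they limit which AAA clients (the ASA included) a given group or username may log into, which is the reverse direction of the device-to-user restriction the post mentions.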