08-24-2010 11:04 AM - edited 03-10-2019 05:21 PM
I am trying to set up AAA for management on my ASA. I have the admin users up and working fine. Now I need to set up access so that my help desk users have the ability to monitor VPN sessions and log them out via the ASDM. I don't want them to be able to get the configuration tab at all and I don't want these users to have access to the CLI at all.
I created the local user I wanted and set the privilege level to 3 (selected "YES" to the "create predefined admin, read-only, monitor-only" prompt). I then logged in as this user and the configuration tab was gone like I wanted. I then clicked on "Monitor" and "VPN". I could see the sessions but the "logout" button was not available. I expected this so I modified the privilege levels for the vpn-sessiondb commands to a privilege level of 3. I tried logging in again but the logout button was still not available.
Can anyone tell me if this is possible?
Thanks.
08-24-2010 01:16 PM
Hi,
Not sure what is the ASDM version you are using but you might be running into BUG CSCsz83205.
Symptom:
Users with privilege level below 15 unable to logoff VPN sessions from ASDM.
Conditions:
ASA is not configured for 'command authorization'.
Workaround:
Use Command Line Interface to logoff VPN sessions.
I have ASDM 6.3 and I am able to see logout with priv level 3.
Thanks
Waris Hussain.
08-24-2010 01:50 PM
Did you have to configure any special command privileges? I'm running ASDM v6.3(1). Unfortunately I can't see the bug track document right now. I'll check later to read it.