All, I have backed myself into a corner with a command I entered yesterday in my ASA. The command entered was:
aaa authorization command TACACS+ LOCAL
And it locked me down so tight that I can't even go into "conf t" or run a "sh run" command any longer. Like a fool, I must of ran the "copy run start" which I usually don't do, nonetheless I did, so a reboot was not able to save my error in judgement.
Does anyone know of any way to re-enable my command functions? I am running ACS 4.1. I'm thinking that it's looking for some commands that ACS says my account is permitted to run, but I'm at a loss.
Added a user in ACS with privilege level 15 access and in the Shell Command Authorization Set" section, checked "Per User Command Authorization" and then selected the "Permit" radio button. Submitted changes. Logged in as new user I just setup and was able to run any command needed. Whew!
It looks like you may have missed setting up some parts of the various profiles / groups that you need to. It can be a bit trickier if you are using LDAP from the ACS server though - if this is the case for you, to get you up and running I would temporarily change and use the Local Database on the ACS server.
Thanks for the Quick response, I have did the same config as per the Document, but still have the same issue , one thing i have notices in the ACS failed logs, the caller ID shows 0.0.0.0 will this be the issue ??
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...