New Member

ASA5520 for limited operators

Hi

I need limited access to a Cisco ASA 5520 for some operators. These operators can switch the VPN policy on/off ONLY.

I grant "privilege cmd level 3 mode group-policy command vpn-tunnel-protocol", "privilege cmd level 3 mode exec command configure" and "privilege cmd level 3 mode exec command write".

But I receive an error on the "write memory" command:

write memory

Building configuration...

Error executing command

[FAILED]


Why?

PS: write terminal WORKS.

8 REPLIES

ASA5520 for limited operators

Hi,

Can you paste the output for the following:

"show run privilege command write"

Thanks,

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

ASA5520 for limited operators

# show run privilege command write

privilege cmd level 3 mode exec command write

#

ASA5520 for limited operators

What version is your ASA on?

Thanks

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

ASA5520 for limited operators

Cisco Adaptive Security Appliance Software Version 8.2(5)13

Device Manager Version 6.4(7)

ASA5520 for limited operators

I checked the bug toolkit and didn't see a match for this error; it's clearly configured correctly from what I can tell. I would suggest opening a TAC case to see if there are any internal bugs that may not have been made public yet. Do you have another ASA running a different version that is experiencing the same issue?

Thanks

Tarik Admani

Tarik Admani *Please rate helpful posts*
New Member

Re: ASA5520 for limited operators

I have a second ASA, but it has the same version.
I don't have SmartNet for opening a TAC case.

I think the problem is in access to flash for level 3.

ASA5520 for limited operators

Hi Bro

Yes, your assumption is correct. The WRITE MEMORY command can only be executed by usernames with privilege 15 ONLY. I did a simple test just for you in my lab, as shown below:


username ramraj password xBXQhLMSw3EzEgAY encrypted privilege 15
username cisco password 3USUcOPFUiMCO4Jk encrypted privilege 7


privilege cmd level 7 command write

aaa authentication serial console LOCAL
aaa authorization command LOCAL
aaa authentication enable console LOCAL


Username: cisco
Password: *****
Type help or '?' for a list of available commands.


FW1> enable
Password: *****

FW1# write memory
Building configuration...
Error executing command
[FAILED]

FW1# show curpriv

Username : cisco

Current privilege level : 7

Current Mode/s : P_PRIV

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
Cisco Employee

You must also change the copy command.

Example:

privilege cmd level 3 mode exec command copy
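
The condition reported in the last reply can be checked offline against a saved running-config. This is an added example, not code from any poster in the thread: the function names are hypothetical, the default level of 15 for commands that have not been remapped is an assumption, and the write/copy dependency is taken from that reply.

```python
import re

# Matches both forms quoted in the thread:
#   privilege cmd level 3 mode exec command write
#   privilege cmd level 7 command write
PRIV_RE = re.compile(
    r"^privilege\s+(?P<kind>show|clear|cmd)\s+level\s+(?P<level>\d+)"
    r"(?:\s+mode\s+(?P<mode>\S+))?\s+command\s+(?P<command>\S+)\s*$"
)

DEFAULT_LEVEL = 15  # assumption: a command with no remap stays at level 15


def parse_privileges(config_text):
    """Return {(mode, command): level} for every 'privilege cmd' line."""
    levels = {}
    for raw in config_text.splitlines():
        m = PRIV_RE.match(raw.strip())
        if not m or m.group("kind") != "cmd":
            continue
        mode = m.group("mode") or "any"  # no 'mode' keyword: applies to any mode
        levels[(mode, m.group("command"))] = int(m.group("level"))
    return levels


def level_for(levels, command, mode="exec"):
    """Level of a command in a mode, falling back to a mode-less remap."""
    return levels.get((mode, command), levels.get(("any", command), DEFAULT_LEVEL))


def check_write_copy(config_text):
    """Flag configs where 'write' was lowered but 'copy' was left higher."""
    levels = parse_privileges(config_text)
    write_lvl = level_for(levels, "write")
    copy_lvl = level_for(levels, "copy")
    if write_lvl < DEFAULT_LEVEL and copy_lvl > write_lvl:
        return [f"write is at level {write_lvl} but copy is at level {copy_lvl}: "
                "'write memory' may fail for users at that level"]
    return []


# Constructed sample input, assembled from the lines quoted in the thread.
ORIGINAL = """\
privilege cmd level 3 mode group-policy command vpn-tunnel-protocol
privilege cmd level 3 mode exec command configure
privilege cmd level 3 mode exec command write
"""
WITH_COPY = ORIGINAL + "privilege cmd level 3 mode exec command copy\n"

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("with copy", WITH_COPY)):
        print(name, check_write_copy(cfg) or "ok")
```

Lowering `copy` to the operator level also widens what those accounts can do beyond toggling the VPN policy, so the extra grant belongs in any review of the operator role.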
