08-24-2010 11:04 AM - edited 03-10-2019 05:21 PM
I am trying to set up AAA for management on my ASA. I have the admin users up and working fine. Now I need to set up access so that my help desk users have the ability to monitor VPN sessions and log them out via the ASDM. I don't want them to be able to get the configuration tab at all and I don't want these users to have access to the CLI at all.
I created the local user I wanted and set the privilege level to 3 (selected "YES" to the "create predefined admin, read-only, monitor-only" prompt). I then logged in as this user and the configuration tab was gone like I wanted. I then clicked on "Monitor" and "VPN". I could see the sessions but the "logout" button was not available. I expected this so I modified the privilege levels for the vpn-sessiondb commands to a privilege level of 3. I tried logging in again but the logout button was still not available.
Can anyone tell me if this is possible?
Thanks.
08-24-2010 01:16 PM
Hi,
Not sure what ASDM version you are using, but you might be running into bug CSCsz83205
Symptom:
Users with privilege level below 15 unable to logoff VPN sessions from ASDM.
Conditions:
ASA is not configured for 'command authorization'.
Workaround:
Use Command Line Interface to logoff VPN sessions.
I have ASDM 6.3 and I am able to see logout with priv level 3
Thanks
Waris Hussain.
08-24-2010 01:50 PM
Did you have to configure any special command privileges? I'm running ASDM v6.3(1). Unfortunately I can't see the bug track document right now. I'll check later to read it.