Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

ASDM AAA privileges

I am trying to set up AAA for managment on my ASA. I have the admin users up and working fine. Now I need to set up access so that my help desk users have the ability to monitor VPN sessions and log them out via the ASDM. I don't want them to be able to get the configuration tab at all and I don't want these users to have access to the CLI at all.

I created the local user I wanted and set the privilege level to 3 (selected "YES" to the "create predefined admin, read-only, monitor-only" prompt). I then went logged in as this user and the configuration tab was gone like I wanted. I then clicked on "Monitor" and "VPN". I could see the ssessions but the "logout" button was not available. I expected this so I modified the privilege levels for the vpn-sessiondb commands to a privilege level of 3. I tried logging in again but the logout button was still not available.

Can anyone tell me if this is possible?


New Member

Re: ASDM AAA privileges


Not sure what is the ASDM version you are using but you might running into BUG CSCsz83205


Users with privilege level below 15 unable to logoff VPN sessions from ASDM.


ASA is not configured for 'command authorization'.


Use Command Line Interface to logoff VPN sessions.

I have ASDM 6.3 and I am able to see logout with priv level 3


Waris Hussain.

New Member

Re: ASDM AAA privileges

Did you have to configure any special command privileges? I'm running ADSM v6.3(1). Unfortunately I can't see the bug track document right now. I'll check later to read it.

CreatePlease to create content