Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Give read-only access to Cisco ASA using TACACS+ through the Cisco Secure ACS (version 5.2) server

I would really appreciate any help in this matter.

I want to know how to give read-only access to Cisco devices (network switches, routers and appliances) using TACACS+ through the Cisco Secure ACS server (The TACACS+ server).

In my case, I want to assign read-only access to the Cisco ASA Firewall using TACACS+ through Cisco ACS server. I'm new to this so a complete breakdown would be much appreciated.

Thanks in advance

- Aditi

Everyone's tags (4)
2 REPLIES
Hall of Fame Super Gold

Give read-only access to Cisco ASA using TACACS+ through the Cis

Aditi

For access to the ASA using the command line this is fairly easy and is quite similar to the way you would do it with other Cisco routers or switches. When you log in you are at the user mode which supplies read only access and you use the enable command to get to privilege mode and ACS can be configured to differentiate users who should get level 15 access from those who should not get level 15 access.

But accessing the ASA using the ASDM is quite different. ASDM defaults to giving a user capability to use commands at advanced privilege mode. I worked on this issue for a customer and found a solution. We created authorization sets and one authorization command set contained show commands and a few other things that we wanted restricted users to be able to do. And we configured ACS to assign this authorization command set to those users who should be read only. (and we had a authorization command set which contained access to all commands to be used for users who should have full access.) We did this using the 4.2 version of ACS so the mechanics of what we did would be quite different from what you would need to do with 5.2. But I hope it gives you some insight into how to approach this.

HTH

Rick

New Member

Hi All,

Hi All,

I want to know how to give read-only access to Cisco ASA firewall using TACACS+ through the

Cisco Secure ACS server 5.8 (The TACACS+ server).

I am having  router switch and ASA firewall in a group and i am able to full access all devices  using TACACS+ but I want to create separate firewall group and user to provide only read access to firewall device only. 

 I want to assign read-only access to the Cisco ASA Firewall using TACACS+ through Cisco ACS server. I'm new to this so a complete breakdown would be much appreciated.

Will you please help me ?

Thanks in advance. 

Thanks in advance

1626
Views
0
Helpful
2
Replies
CreatePlease to create content