Give read-only access to Cisco ASA using TACACS+ through the Cis
For access to the ASA using the command line this is fairly easy and is quite similar to the way you would do it with other Cisco routers or switches. When you log in you are at the user mode which supplies read only access and you use the enable command to get to privilege mode and ACS can be configured to differentiate users who should get level 15 access from those who should not get level 15 access.
But accessing the ASA using the ASDM is quite different. ASDM defaults to giving a user capability to use commands at advanced privilege mode. I worked on this issue for a customer and found a solution. We created authorization sets and one authorization command set contained show commands and a few other things that we wanted restricted users to be able to do. And we configured ACS to assign this authorization command set to those users who should be read only. (and we had a authorization command set which contained access to all commands to be used for users who should have full access.) We did this using the 4.2 version of ACS so the mechanics of what we did would be quite different from what you would need to do with 5.2. But I hope it gives you some insight into how to approach this.
I want to know how to give read-only access to Cisco ASA firewall using TACACS+ through the
Cisco Secure ACS server 5.8 (The TACACS+ server).
I am having router switch and ASA firewall in a group and i am able to full access all devices using TACACS+ but I want to create separate firewall group and user to provide only read access to firewall device only.
I want to assign read-only access to the Cisco ASA Firewall using TACACS+ through Cisco ACS server. I'm new to this so a complete breakdown would be much appreciated.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...