New Member

Separating Monitor only and Admin access to Cisco ASDM (ASA) for users authenticated via LDAP

Hi,

We have two AD groups, one group for network admins and one for systems admins. The network admins will get priv lvl 15, the other priv lvl 3.

This is the configuration that I use:

TestASA# sh run ldap attribute-map test4
map-name  comment Privilege-Level
map-value comment fw-ro 5
map-value comment fw-rw 15
map-name  memberOf IETF-Radius-Service-Type
map-value memberOf "cn=sec-FW-Admin,OU=Security Groups,DC=802101,DC=local" 6
map-value memberOf "cn=sec-fw-ro,OU=Security Groups,DC=802101,DC=local" 5

The users in both groups can log in via SSH and ASDM, but all users get the same rights, priv lvl 15.

Does anybody have an idea?

Cisco Employee

You need to visit the link listed below to configure the ASA for read-only access and admin access. Not sure if you have already gone through it.

https://supportforums.cisco.com/docs/DOC-33843

~BR
Jatin Katyal

**Do rate helpful posts**

New Member

Thank you Jatin Katyal,

The document was helpful, but the point is not in the document.

It is important to set "Enable authorization for ASA command access" to "Enable" and click on the "Set ASDM Defined User Roles..." button.

greets

Markus Thun
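
An added example, not part of the thread or of the linked Cisco document: a Python check that reads a running-config and reports when an LDAP attribute map assigns Privilege-Level or IETF-Radius-Service-Type but nothing enforces it, which is the gap the last reply closes in ASDM. The sample configs are constructed; the server group name LDAP_SRV, the host address and the function name audit are assumptions, and the `aaa authorization` and `privilege` lines are assumed to be the CLI counterparts of the ASDM settings named above.

```python
import re

# Constructed running-config fragments; the server group name LDAP_SRV and the
# host address are made up. BEFORE mirrors the question, AFTER adds enforcement.
BEFORE = """\
ldap attribute-map test4
  map-name  comment Privilege-Level
  map-name  memberOf IETF-Radius-Service-Type
aaa-server LDAP_SRV protocol ldap
aaa-server LDAP_SRV (inside) host 192.0.2.10
  ldap-attribute-map test4
aaa authentication ssh console LDAP_SRV LOCAL
aaa authentication http console LDAP_SRV LOCAL
"""
AFTER = BEFORE + """\
aaa authorization exec authentication-server
aaa authorization command LOCAL
privilege show level 5 mode exec command running-config
"""

PRIV_ATTRS = {"Privilege-Level", "IETF-Radius-Service-Type"}

def audit(config):
    """Return findings where LDAP-assigned privileges are not enforced."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    # Cisco attributes assigned by any "map-name <ldap-attr> <cisco-attr>" line.
    mapped = {l.split()[2] for l in lines
              if l.startswith("map-name ") and len(l.split()) >= 3}
    if not mapped & PRIV_ATTRS:
        return []  # no privilege mapping, nothing to enforce
    findings = []
    if not any(l.startswith("aaa authorization exec ") for l in lines):
        findings.append("no 'aaa authorization exec': mapped attributes "
                        "are not applied to management sessions")
    if not any(l.startswith("aaa authorization command ") for l in lines):
        findings.append("no 'aaa authorization command': privilege levels "
                        "are not enforced per command")
    levels = {int(m.group(1)) for l in lines
              if (m := re.match(r"privilege\s+(?:\w+\s+)?level\s+(\d+)\s", l))}
    if not any(0 < n < 15 for n in levels):
        findings.append("no 'privilege ... level N' lines below 15: "
                        "restricted roles have no commands assigned")
    return findings

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(cfg) or "ok")
```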
