set up privilege level in Cisco ASA for a new user

Status
Not open for further replies.

SIMONI

IS-IT--Management
Aug 31, 2004
47
AU
Dear All,

We have a Cisco ASA 5540.

We need to create a new user account on the device which will be able to log off VPN sessions only without the option to modify the ASA router configuration.

I have seen this KB:

which is not working for us.

Can you please point me to a KB or tell me which commands I should use to create the user?

I know how to create new users; however, I don't know how to configure them with specific commands.

Best regards,
Simon
 
You will need to set the level of the command and then the user's level.

Here is a guide to how you change the level of a command -

This should do the trick
privilege cmd level 5 mode exec command vpn-sessiondb
privilege show level 5 mode exec command vpn-sessiondb


Then set the user
username [Username] password [Password] privilege 5

Show the attached users
sho vpn-sessiondb remote

This will log off the user
vpn-sessiondb logoff name [username]

Be careful with your level choice. They will be able to do anything with a level less than or equal to theirs.


Brent
Systems Engineer / Consultant
CCNP, CCSP
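
The warning above about level choice can be checked against a saved configuration. The following is an added example, not part of Brent's post or any Cisco tooling: it parses `privilege ... level N ... command X` and `username ... privilege N` lines and lists, per user, every re-levelled command at or below that user's level. The sample config, user names and function names are constructed, and commands left at their default level are not modelled.

```python
import re

# Constructed sample in the shape of the commands quoted in the thread.
SAMPLE_CONFIG = """\
privilege cmd level 5 mode exec command vpn-sessiondb
privilege show level 5 mode exec command vpn-sessiondb
privilege show level 3 mode exec command running-config
username helpdesk password CONSTRUCTED encrypted privilege 5
username auditor password CONSTRUCTED encrypted privilege 3
username netadmin password CONSTRUCTED encrypted privilege 15
"""

PRIV_RE = re.compile(r"^privilege\s+(?:(show|clear|cmd)\s+)?level\s+(\d+)\s+"
                     r"(?:mode\s+(\S+)\s+)?command\s+(.+?)\s*$")
USER_RE = re.compile(r"^username\s+(\S+)\s+.*\bprivilege\s+(\d+)\s*$")


def parse_config(text):
    """Return (rules, users): re-levelled commands and explicit user levels."""
    rules, users = [], {}
    for line in text.splitlines():
        line = line.strip()
        m = PRIV_RE.match(line)
        if m:
            kind, level, mode, cmd = m.groups()
            rules.append((kind or "all", int(level), mode or "any", cmd))
            continue
        m = USER_RE.match(line)
        if m:  # usernames without an explicit "privilege N" are skipped
            users[m.group(1)] = int(m.group(2))
    return rules, users


def effective_commands(text):
    """Map each user to every re-levelled command at or below their level."""
    rules, users = parse_config(text)
    return {
        user: sorted(f"{kind} {cmd} (level {lvl}, mode {mode})"
                     for kind, lvl, mode, cmd in rules if lvl <= ulevel)
        for user, ulevel in users.items()
    }


if __name__ == "__main__":
    for user, cmds in effective_commands(SAMPLE_CONFIG).items():
        print(user)
        for c in cmds:
            print("   ", c)
```

In the constructed sample, the level 5 helpdesk account also picks up the level 3 `show running-config` entry, which is the side effect the post warns about.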
 
Hi Mate,
Thanks for that, it works :) However, it only works from the CLI.

Can I also make them log off sessions from the ASDM GUI interface?

Cheers,
Simon
 
I don't mess with the GUI much. I'll get into one this weekend and see what I can find.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 