August 21, 2009

configure privilege access levels on cisco asa

there are 4 steps involved in this :

  1. enable command authorization ( LOCAL in this case means , keep the command authorization configuration on the firewall ) :

aaa authorization command LOCAL

  1. define commands you want to use on a certain level, for example these commands will enable a user in privilege level 5 to view and clear crypto tunnels

privilege show level 5 command crypto
privilege clear level 5 command crypto

  1. create a user and assign the privilege level to her/him :

username userName password userPass privilege 5

  1. create an enable password for the new privilege level :

enable password enablePass level 5

now when the user logs in she/he can type :

enable 5

enter the password from step for and they will be able to run the above crypto commands.

here’s a link to the cisco KB.