{"id":241,"date":"2009-05-13T19:51:58","date_gmt":"2009-05-13T19:51:58","guid":{"rendered":"https:\/\/fir3netwp.gmsrrpobkbd.com\/2009\/05\/13\/pix-asdm-read-only-account\/"},"modified":"2021-07-24T19:08:19","modified_gmt":"2021-07-24T19:08:19","slug":"pix-asdm-read-only-account","status":"publish","type":"post","link":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/pix-asdm-read-only-account.html","title":{"rendered":"PIX – ASDM Read Only Account"},"content":{"rendered":"

When you create a read-only account (privilege level 5) and log into the ASDM with it, you receive the following error:<\/span> <\/p>\n

you do not have sufficient privileges to execute commands required to load asdm<\/p>\n

Solution<\/strong><\/span><\/p>\n

This happens because the privilege levels are not configured correctly. The configuration below gives you the following 2 accounts:<\/span><\/p>\n

Monitor-Only - Privilege level 3<\/span>
Read-Only - Privilege level 5<\/span><\/pre>\n

1. Set your AAA settings <\/span>(be careful when adjusting AAA settings that are already in place, as this could lock you out of the firewall!). Also remember that setting the AAA authorization command enforces all privilege levels.<\/span><\/p>\n

aaa authentication ssh console LOCAL
aaa authorization command LOCAL<\/pre>\n

2. Set your privilege levels:<\/span><\/p>\n

privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command uauth
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server

privilege show level 5 mode exec command running-config
privilege show level 5 mode configure command privilege
privilege cmd level 5 mode route-map command set
privilege cmd level 5 mode mpf-policy-map-class command set<\/pre>\n

3. Configure your accounts:<\/span><\/p>\n

username fullaccess password abc123 privilege 15
username readonly password abc123 privilege 5
username monitor password abc123 privilege 3<\/pre>\n

Additional Notes <\/strong><\/span><\/p>\n

By default the ASDM will only honor 3 different levels: priv 3 (read only), priv 5 (monitor), priv 15 (admin).
For WebVPN configuration such as bookmarks, smart-tunnels or portal customization, the ASDM loads the XML file, and that functionality is pre-defined for privilege 15 users; this cannot be changed. A privilege 15 account is needed for these changes.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"yoast_head_json":{"title":"PIX - ASDM Read Only Account - Fir3net","canonical":"https:\/\/www.fir3net.com\/Firewalls\/Cisco\/pix-asdm-read-only-account.html","og_site_name":"Fir3net","article_published_time":"2009-05-13T19:51:58+00:00","article_modified_time":"2021-07-24T19:08:19+00:00","author":"Rick Donato"}}