I have a Cisco ASA with multiple context. I am trying to deny the use of the
command "changeto context system", but allow authorized group to be able to
change to any of the other context. When user types in the command they get
denied.
I have entered
"authorizedgroup <readonly group> permit service=shell cmd=changeto
cmd-arg="context <other context name>"
"authorizedgroup <readonly group> deny service=shell cmd=changeto
cmd-arg="context system"
"authorizedgroup <readonly group> deny .*"
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
