Cisco Acs 5x User Guide
Page 81
4-17 User Guide for Cisco Secure Access Control System 5.3 OL-24201-01 Chapter 4 Common Scenarios Using ACS
Agentless Network Access
Step 7 Define the service selection.
Step 8 Add the access service to your service selection policy. For more information, see Creating, Duplicating, and Editing Service Selection Rules, page 10-8.
Related Topics: Managing Users and Identity Stores, page 8-1; Managing Access Policies, page 10-1.
Adding a Host to an Internal Identity Store
To configure an internal...
Page 82
4-18 Agentless Network Access
Previous Step: Network Devices and AAA Clients, page 7-5.
Next Step: Configuring an Identity Group for Host Lookup Network Access Requests, page 4-18.
Related Topics: Creating External LDAP Identity Stores, page 8-26; Deleting External LDAP Identity Stores, page 8-33.
Configuring an Identity Group for Host Lookup Network Access Requests
To configure an identity group for...
Page 83
4-19 Agentless Network Access
c. Select Network Access, and check Identity and Authorization. The group mapping and External Policy options are optional.
d. Make sure you select Process Host Lookup. If you want ACS to detect PAP or EAP-MD5 authentications for MAC addresses (see PAP/EAP-MD5 Authentication, page 4-15), and process them as Host Lookup requests (for example, MAB requests),...
Page 84
4-20 VPN Remote Network Access
Configuring an Authorization Policy for Host Lookup Requests
To configure an authorization policy for Host Lookup requests:
Step 1 Choose Access Policies > Access Services > Authorization. See Configuring a Session Authorization Policy for Network Access, page 10-29, for details.
Step 2 Select Customize to customize the authorization policy conditions. A list of...
Page 85
4-21 VPN Remote Network Access
Supported Authentication Protocols
ACS 5.3 supports the following protocols for inner authentication inside the VPN tunnel: RADIUS/PAP, RADIUS/CHAP, RADIUS/MS-CHAPv1, RADIUS/MS-CHAPv2.
With MS-CHAPv1 or MS-CHAPv2, ACS can generate the MPPE keys that are used to encrypt the tunnel that is created.
Related Topics: VPN Remote Network Access, page...
Page 86
4-22 VPN Remote Network Access
Supported VPN Network Access Servers
ACS 5.3 supports the following VPN network access servers: Cisco ASA 5500 Series; Cisco VPN 3000 Series.
Related Topics: VPN Remote Network Access, page 4-20; Supported Authentication Protocols, page 4-21; Supported Identity Stores, page 4-21; Supported VPN Clients, page 4-22; Configuring VPN Remote Access Service, page 4-22.
Supported...
Page 87
4-23 ACS and Cisco Security Group Access
Related Topics: VPN Remote Network Access, page 4-20; Supported Authentication Protocols, page 4-21; Supported Identity Stores, page 4-21; Supported VPN Network Access Servers, page 4-22; Supported VPN Clients, page 4-22; Configuring VPN Remote Access Service, page 4-22.
ACS and Cisco Security Group Access
Note: ACS requires an additional feature license to enable...
Page 88
4-24 ACS and Cisco Security Group Access
6. Configuring EAP-FAST Settings for Security Group Access.
7. Creating an Access Service for Security Group Access.
8. Creating an Endpoint Admission Control Policy.
9. Creating an Egress Policy.
10. Creating a Default Policy.
Adding Devices for Security Group Access
The RADIUS protocol requires a shared secret between the AAA client and the server. In ACS,...
Page 89
4-25 ACS and Cisco Security Group Access
Devices consider only the SGT value; the name and description of a security group are a management convenience and are not conveyed to the devices. Therefore, changing the name or description of the security group does not affect the generation ID of an SGT.
To create a security group:
Step 1 Choose Policy Elements > Authorizations and Permissions >...
Page 90
4-26 ACS and Cisco Security Group Access
To configure an NDAC policy for a device:
Step 1 Choose Access Policies > Security Group Access Control > Security Group Access > Network Device Access > Authorization Policy.
Step 2 Click Customize to select which conditions to use in the NDAC policy rules. The Default Rule provides a default rule when no rules match or there are no rules defined. The...