Chapter 10 Managing Access Policies

Configuring Access Services

Table 10-6 Access Service Properties—General Page (continued)

| Option | Description |
|---|---|
| Description | Description of the access service. |
| Access Service Policy Structure | |
| Based on service template | Creates an access service containing policies based on a predefined template. This option is available only for service creation. |
| Based on existing service | Creates an access service containing policies based on an existing access service. The new access service does not include the existing service's policy rules. This option is available only for service creation. To replicate a service, including its policy rules, duplicate an existing access service. |
| User selected service type | Provides you the option to select the access service type. The available options are Network Access, Device Administration, and External Proxy. The list of policies you can configure depends on your choice of access service type. |
| User Selected Service Type—Network Access and Device Administration | |
| Policy Structure | |
| Identity | Check to include an identity policy in the access service to define the identity store or stores that ACS uses for authentication and attribute retrieval. |
| Group Mapping | Check to include a group mapping policy in the access service to map groups and attributes that are retrieved from external identity stores to ACS identity groups. |
| Authorization | Check to include an authorization policy in the access service to apply: authorization profiles for network access services; shell profiles and command sets for device administration services. |
| User Selected Service Type—External Proxy | Select the set of External servers to be used for proxy. You can also determine the order in which these servers will be used. |
| Available External Proxy Servers | List of available external RADIUS and TACACS+ servers. Select the external servers to be used for proxy and move them to the Selected External Proxy Servers list. |
| Selected External Proxy Servers | List of selected external proxy servers. |
| Advanced Options | |
| Accounting | |
| Remote Accounting | Check to enable remote accounting. |
| Local Accounting | Check to enable local accounting. |
| Username Prefix\Suffix Stripping | |
| Strip start of subject name up to the first occurrence of the separator | Check to strip the username from the prefix. For example, if the subject name is `acme\smith` and the separator is `\`, the username becomes `smith`. The default separator is `\`. |
| Strip end of subject name from the last occurrence of the separator | Check to strip the username from the suffix. For example, if the subject name is `smith@acme.com` and the separator is `@`, the username becomes `smith`. The default separator is `@`. |

Step 3 Click Next to configure the allowed protocols. See Configuring Access Service Allowed Protocols, page 10-15.
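
The following is an added example, not taken from the Cisco guide or from ACS itself. It models the two Username Prefix\Suffix Stripping options in Table 10-6 and flags distinct subject names that reduce to the same username once stripping is enabled. Applying prefix stripping before suffix stripping, and leaving a name unchanged when the separator is absent, are assumptions; the function and variable names are hypothetical.

```python
# Added example: models the stripping options described in Table 10-6.
# Not ACS code. Assumptions: prefix stripping runs before suffix stripping,
# and a subject name without the separator is left unchanged.
from collections import defaultdict


def strip_subject(subject, strip_prefix=True, prefix_sep="\\",
                  strip_suffix=True, suffix_sep="@"):
    """Return the username left after prefix/suffix stripping."""
    name = subject
    if strip_prefix and prefix_sep and prefix_sep in name:
        # Drop everything up to and including the FIRST separator.
        name = name.split(prefix_sep, 1)[1]
    if strip_suffix and suffix_sep and suffix_sep in name:
        # Drop everything from the LAST separator onward.
        name = name.rsplit(suffix_sep, 1)[0]
    return name


def find_collisions(subjects, **options):
    """Group distinct subject names that normalize to the same username."""
    buckets = defaultdict(set)
    for subject in subjects:
        buckets[strip_subject(subject, **options)].add(subject)
    return {user: sorted(names) for user, names in buckets.items()
            if len(names) > 1}


# Constructed sample subject names (not from any real deployment).
SAMPLE_SUBJECTS = [
    "acme\\smith",           # single prefix separator
    "smith@acme.com",        # single suffix separator
    "partner\\smith",        # different domain, same bare username
    "acme\\lab\\jones",      # two prefix separators: only the first is cut
    "jones@dept@acme.com",   # two suffix separators: only the last is cut
    "lee",                   # no separator at all
]

if __name__ == "__main__":
    for s in SAMPLE_SUBJECTS:
        print(f"{s!r:26} -> {strip_subject(s)!r}")
    for user, names in find_collisions(SAMPLE_SUBJECTS).items():
        print(f"collision on {user!r}: {names}")
```

Running a collision check like this over an export of subject names before enabling stripping shows which accounts from different domains or realms would be looked up under one username.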

 

User Guide for Cisco Secure Access Control System 5.3

10-14

OL-24201-01
