10-14
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 10 Managing Access Policies
Configuring Access Services
Step 3 Click Next to configure the allowed protocols. See Configuring Access Service Allowed Protocols,
page 10-15.
Table 10-6 Access Service Properties—General Page (continued)

Option: Description

Description: Description of the access service.

Access Service Policy Structure

Based on service template: Creates an access service containing policies based on a predefined template. This option is available only for service creation.

Based on existing service: Creates an access service containing policies based on an existing access service. The new access service does not include the existing service's policy rules. This option is available only for service creation. To replicate a service, including its policy rules, duplicate an existing access service.

User selected service type: Provides you the option to select the access service type. The available options are Network Access, Device Administration, and External Proxy. The list of policies you can configure depends on your choice of access service type.

User Selected Service Type—Network Access and Device Administration

Policy Structure

Identity: Check to include an identity policy in the access service to define the identity store or stores that ACS uses for authentication and attribute retrieval.

Group Mapping: Check to include a group mapping policy in the access service to map groups and attributes that are retrieved from external identity stores to ACS identity groups.

Authorization: Check to include an authorization policy in the access service to apply:
  - Authorization profiles for network access services.
  - Shell profiles and command sets for device administration services.

User Selected Service Type—External Proxy

Select the set of external servers to be used for proxy. You can also determine the order in which these servers will be used.

Available External Proxy Servers: List of available external RADIUS and TACACS+ servers. Select the external servers to be used for proxy and move them to the Selected External Proxy Servers list.

Selected External Proxy Servers: List of selected external proxy servers.

Advanced Options

Accounting

Remote Accounting: Check to enable remote accounting.

Local Accounting: Check to enable local accounting.

Username Prefix\Suffix Stripping

Strip start of subject name up to the first occurrence of the separator: Check to strip the prefix from the username. For example, if the subject name is acme\smith and the separator is \, the username becomes smith. The default separator is \.

Strip end of subject name from the last occurrence of the separator: Check to strip the suffix from the username. For example, if the subject name is smith@acme.com and the separator is @, the username becomes smith. The default separator is @.
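
The username prefix and suffix stripping options described above, as an added Python example (not Cisco's code and not part of the original guide): it applies both rules and reports which distinct subject names collapse to the same username, which is worth checking before enabling stripping in front of an identity store. The function names and sample names are hypothetical; it assumes a name without the separator is left unchanged and that prefix stripping runs before suffix stripping, neither of which the page states.

```python
from collections import defaultdict


def strip_subject_name(name, strip_prefix=True, strip_suffix=True,
                       prefix_sep="\\", suffix_sep="@"):
    """Apply the two stripping options from the table to one subject name.

    Assumptions (not stated on the page): a name that lacks the separator
    is returned unchanged, and the prefix rule runs before the suffix rule.
    """
    if strip_prefix and prefix_sep in name:
        # Drop everything up to and including the FIRST separator.
        name = name.split(prefix_sep, 1)[1]
    if strip_suffix and suffix_sep in name:
        # Drop everything from the LAST separator onward.
        name = name.rsplit(suffix_sep, 1)[0]
    return name


def find_collisions(subject_names, **options):
    """Return {username: [subject names]} where several names map to one."""
    groups = defaultdict(set)
    for subject in subject_names:
        groups[strip_subject_name(subject, **options)].add(subject)
    return {user: sorted(subjects)
            for user, subjects in groups.items() if len(subjects) > 1}


# Constructed sample subject names, not taken from any real deployment.
SAMPLE = [
    "acme\\smith",          # the page's prefix example
    "smith@acme.com",       # the page's suffix example
    "partner\\smith",       # different domain, same user part
    "acme\\lab\\jones",     # two prefix separators: only the first is used
    "jones@lab@acme.com",   # two suffix separators: only the last is used
    "brown",                # no separator at all
]

if __name__ == "__main__":
    for subject in SAMPLE:
        print(f"{subject!r:24} -> {strip_subject_name(subject)!r}")
    print("collisions:", find_collisions(SAMPLE))
```

Names with repeated separators keep part of the domain text after stripping, and three different subject names in the sample resolve to the single username smith.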