Chapter 4 Common Scenarios Using ACS

Certificate-Based Network Access

Step 4 Configure policy elements. See Managing Policy Conditions, page 9-1, for more information.

You can create custom conditions to use the certificate’s attributes as a policy condition. See Creating, Duplicating, and Editing a Custom Session Condition, page 9-5, for details.

Step 5 Create an access service. See Configuring Access Services, page 10-11, for more information.

Step 6 On the Allowed Protocols page, choose EAP-TLS.

Step 7 Configure identity and authorization policies for the access service. See Configuring Access Service Policies, page 10-21, for details.

Note When you create rules for the identity policy, the result may be the Certificate Authentication Profile or an Identity Sequence. See Viewing Identity Policies, page 10-21, for more information.

Step 8 Configure the Authorization Policies. See Configuring a Session Authorization Policy for Network Access, page 10-29.

Step 9 Configure the Service Selection Policy. See Configuring the Service Selection Policy, page 10-5.

Related Topics

Configuring Local Server Certificates, page 18-14

Configuring CA Certificates, page 8-68

Authentication in ACS 5.3, page B-1

Overview of EAP-TLS, page B-6

Authorizing the ACS Web Interface from Your Browser Using a Certificate

You use HTTPS certificate-based authentication to connect to ACS with your browser. ACS uses its Local Server Certificate to authorize the ACS web interface from your browser. ACS does not support browser authentication; that is, mutual authentication is not supported.

A default Local Server Certificate is installed on ACS so that you can connect to ACS with your browser. The default certificate is a self-signed certificate and cannot be modified during installation.

Related Topics

Using Certificates in ACS, page 4-10

Configuring Local Server Certificates, page 18-14

 

 

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01

 

 
