External policies, About external policies – Cisco 3.3 User Manual

Chapter 14 Network Admission Control

NAC Policies

14-28

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

When Cisco Secure ACS applies this policy to a posture validation request and
none of the configurable rules match the request, Cisco Secure ACS associates
the default result credential type, token, and action that you specify with
the policy.

Step 7  Click Submit.

The Select Local Policies page displays the new policy in the Available Policies
list.

Tip  You can add the policy to any NAC database, not just the NAC database
you clicked through to reach the Local Policy Configuration page.

Step 8  If you are in the process of configuring a new NAC database, resume
performing the steps in Configuring a NAC Database, page 14-14.

External Policies

This section contains the following topics:

About External Policies, page 14-28

External Policy Configuration Options, page 14-29

Creating an External Policy, page 14-32

About External Policies

External policies are policies that define an external NAC server, usually from an
anti-virus vendor, and a set of credential types to be forwarded to the external
database. You also have the option of defining a secondary external NAC server.

Cisco Secure ACS does not determine the result of applying an external policy;
instead, it forwards the selected credentials to the external NAC server and
expects to receive the results of the policy evaluation: an APT, a result credential
type, and an action.
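
The following Python model is an added example, not code from Cisco Secure ACS or this manual; it sketches the delegation described above together with the reject-on-missing-result rule stated in the next paragraph. The server stubs, the credential type labels (Vendor:AV, Vendor:Host), the sample token values, and the choice to try the secondary server when the primary returns nothing are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class PolicyResult:
    """What the external NAC server must send back, per the text."""
    apt: str
    result_credential_type: str
    action: str

Server = Callable[[dict], Optional[PolicyResult]]  # hypothetical server stub

@dataclass
class ExternalPolicy:
    name: str
    forwarded_types: frozenset           # credential types selected for forwarding
    primary: Server
    secondary: Optional[Server] = None   # optional secondary server

    def evaluate(self, credentials: dict) -> Optional[PolicyResult]:
        # Only the selected credential types leave ACS; the rest stay local.
        selected = {t: v for t, v in credentials.items() if t in self.forwarded_types}
        for server in (self.primary, self.secondary):
            if server is None:
                continue
            try:
                result = server(selected)
            except ConnectionError:      # assumption: unreachable server = no result
                result = None
            if result is not None:
                return result
        return None

def validate(credentials: dict, policies: list) -> tuple:
    """Fail closed: one external policy without a result rejects the request."""
    results = {}
    for policy in policies:
        result = policy.evaluate(credentials)
        if result is None:
            return False, {"failed_policy": policy.name}
        results[policy.name] = result
    return True, results

# Constructed sample data and server stubs (not real vendor behaviour).
REQUEST = {"Vendor:AV": {"dat_version": 4021}, "Vendor:Host": {"os": "sample"}}

def av_server(creds: dict) -> PolicyResult:
    token = "Healthy" if creds["Vendor:AV"]["dat_version"] >= 4000 else "Quarantine"
    return PolicyResult(token, "Vendor:AV", "none")

def unreachable(creds: dict) -> PolicyResult:
    raise ConnectionError("external NAC server unreachable")
```

Because the model fails closed, an external server outage with no working secondary turns into rejected posture validation for every request that uses that NAC database, which is the availability trade-off to plan for when adding external policies.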

Each external policy associated with a NAC database must return a result;
otherwise, Cisco Secure ACS rejects policy validation requests evaluated with a
NAC database whose external policies do not return a result. For example, if
