Setting up access policy – Cisco 3.3 User Manual

Chapter 12 Administrators and Administrative Policy

Access Policy

12-14

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Setting Up Access Policy

For information about access policy options, see

Access Policy Options,

page 12-12

.

Before You Begin

If you want to enable SSL for administrative access, before completing this
procedure, you must have completed the steps in

Installing a Cisco Secure ACS

Server Certificate, page 10-35

, and

Adding a Certificate Authority Certificate,

page 10-37

.

To set up Cisco Secure ACS Access Policy, follow these steps:

Step 1

In the navigation bar, click Administration Control.

Cisco Secure ACS displays the Administration Control page.

Step 2

Click Access Policy.

The Access Policy Setup page appears.

Step 3

To allow remote access to the HTML interface from any IP address, in the IP
Address Filtering table, select the Allow all IP addresses to connect option.

Step 4

To allow remote access to the HTML interface only from IP addresses within a
range or ranges of IP addresses, follow these steps:

a.

In the IP Address Filtering table, select the Allow only listed IP addresses
to connect option.

b.

For each IP address range from within which you want to allow remote access
to the HTML interface, complete one row of the IP Address Ranges table. In
the Start IP Address box, type the lowest IP address (up to 16 characters) in
the range. In the End IP Address box, type the highest IP address (up to 16
characters) in the range. Use dotted decimal format.

Note

The IP addresses entered to define a range must differ only in the last
octet.

Step 5

To allow remote access to the HTML interface only from IP addresses outside a
range or ranges of IP addresses, follow these steps:

a.

In the IP Address Filtering table, select the Reject connections from listed
IP addresses option.