Cisco Systems 3.3 User Manual

12-15

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 12 Administrators and Administrative Policy

Access Policy

For each IP address range from outside which you want to allow remote
access to the HTML interface, complete one row of the IP Address Ranges
table. Type the lowest IP address (up to 16 characters) in the range in the Start
IP Address box. Type the highest IP address (up to 16 characters) in the range
in the End IP Address box.

Note

The IP addresses entered to define a range must differ only in the last
octet.

Step 6

If you want to allow Cisco Secure ACS to use any valid TCP port for
administrative sessions, under HTTP Port Allocation, select the Allow any TCP
ports to be used for Administration HTTP Access option.

Step 7

If you want to allow Cisco Secure ACS to use only a specified range of TCP ports
for administrative sessions, follow these steps:

Under HTTP Port Allocation, select the Restrict Administration Sessions to
the following port range From Port X to Port Y option.

In the X box type the lowest TCP port (up to 5 characters) in the range.

In the Y box type the highest TCP port (up to 5 characters) in the range.

Step 8

If you want to enable SSL encryption of administrator access to the HTML
interface, under Secure Socket Layer Setup, select the Use HTTPS Transport for
Administration Access check box.

Note

To enable SSL, you must have completed the steps in

Installing a

Cisco Secure ACS Server Certificate, page 10-35

, and

Adding a

Certificate Authority Certificate, page 10-37

Step 9

Click Submit.

Cisco Secure ACS saves and begins enforcing the access policy settings.

If you have enabled SSL, at the next administrator login, Cisco Secure ACS
begins using HTTPS. Any current administrator sessions are unaffected.