Cisco Secure Access Control Server for Windows

Installing Cisco Secure ACS 2.5 for Windows 2000/NT Server

Table of Contents

Installing Cisco Secure ACS 2.5 for Windows 2000/NT Server
Installing the Software
Configuring the NAS
Completing Setup
Starting Cisco Secure ACS

Installing Cisco Secure ACS 2.5 for Windows 2000/NT Server



Note      Before beginning, read the Read Me First: Cisco Secure ACS 2.5 for Windows 2000/NT Server Getting Started card and complete its "Information You Need" section.



Caution If an earlier version of Cisco Secure ACS is installed, back up data to another server before installation. If errors occur during install, run Clean.exe from the Cisco Secure ACS CD-ROM as described in the readme file or release notes, and then re-run Setup.

Installing the Software


Note      Close all Windows programs before you run Setup.



Step 1   Log in as the local system administrator to the server on which you are installing Cisco Secure ACS.

Step 2   Insert the Cisco Secure ACS CD-ROM into your CD-ROM drive. The Installation window opens.

Step 3   Click Install.

Step 4   In the Software License Agreement window, read the agreement; click Accept to agree to the licensing terms and conditions. The Welcome window opens.

Step 5   Click Next. The Before You Begin window opens.

Step 6   Verify that each condition is met, and select the check box for each item. Click Next. (Click Explain for information on the listed items. If any condition is not met, click Cancel to exit Setup.) If this is a new installation, skip to Step 9.

Step 7   If Cisco Secure ACS is already installed, the Previous Installation window asks if you want to remove the previous version and save the existing database information. To keep the existing data, select the Yes, keep existing database check box. To use a new database, click to clear the check box.

Click Next. If you selected the check box, Setup backs up the existing configuration, and then removes the old files. To continue, click OK.

Step 8   If Setup finds a configuration, it asks if you want to import the configuration. To keep the existing configuration, select the Yes, import configuration check box. To use a new configuration, click to clear the check box.

Click Next. The Choose Destination Location window opens.

Step 9   To install the software in the default directory, click Next. To use a different directory, click Browse and enter the directory to use. If the directory does not exist, Setup asks if you want to create it. Click Yes. The Authentication Database Configuration window opens.

Step 10   Click the option button(s) for the authentication database(s) to be used by Cisco Secure ACS:

  • Check the Cisco Secure ACS Database only. (default) Cisco Secure ACS will use only the Cisco Secure ACS database for authentication.
  • Also check the Windows NT User Database. Cisco Secure ACS will check the Cisco Secure ACS database and the Windows NT user database.

Step 11   To limit dial-in access to only those users you specified in Windows NT User Manager or in Windows 2000 Active Directory Users and Computers, click Yes, reference "Grant dialin permission to user" setting.

Click Next. The Network Access Server Details window opens.

Step 12   Complete the following information. (Review the Read Me First: Cisco Secure ACS 2.5 for Windows 2000/NT Server Getting Started quick reference card.)

  • Authenticate Users Using. Type of security protocol to be used. TACACS+ (Cisco) is the default.
  • Access Server Name. Name of the NAS that will be using Cisco Secure ACS services.
  • Access Server IP Address. IP address of the NAS that will be using Cisco Secure ACS services.
  • Windows NT Server IP Address. IP address of this Windows NT server.
  • TACACS+ or RADIUS Key. Shared secret of the NAS and Cisco Secure ACS. These passwords must be identical to ensure proper function and communication between the NAS and Cisco Secure ACS. Shared secrets are case sensitive.

Setup installs the Cisco Secure ACS files and updates the Registry.

Step 13   Click Next. The Interface Configuration window opens.

Step 14   Select the check box to enable any or all options listed. Interface Configuration options are disabled by default.


Note      Configuration options for these items appear in the Cisco Secure ACS interface only if they are enabled. You can disable or enable any or all of these and additional options after installation in the Interface Configuration: Advanced Options window.


Click Next. The Active Service Monitoring window opens.

Step 15   To enable the Cisco Secure ACS monitoring service, select the Enable Log-in Monitoring check box, and then select the script to execute when the login process fails the test:

  • No Remedial Action. Leave Cisco Secure ACS operating as is.
  • Reboot. Reboot the system on which Cisco Secure ACS is running.
  • Restart All. (default) Restart all Cisco Secure ACS services.
  • Restart RADIUS/TACACS+. Restart only the RADIUS and/or TACACS+ protocol.

You can also develop scripts to be executed if there is a system failure. See the Online Documentation for more information.

To have Cisco Secure ACS generate an e-mail message when administrator events occur, select the Enable Mail Notifications check box, and then enter the following data:

  • SMTP Mail Server. Type the name and domain of the sending mail server; for example, server1.company.com.
  • Mail account to notify. Type the complete e-mail address of the intended recipient; for example, msmith@company.com.

Click Next. The Cisco Secure ACS Service Initiation window opens.

Step 16   If you do not want to configure a NAS from Setup, click Next and skip to the Completing Setup section.

To configure a single NAS, click Yes, I want to configure Cisco IOS now, and then click Next.

If you selected Yes, I want to configure Cisco IOS now, the Enable Secret Password window opens.
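
Why the key entered in Step 12 must match exactly on both sides, shown as an added example (not Cisco's code and not part of the original guide): in RADIUS (RFC 2865) the server hashes the shared secret into each reply's Response Authenticator, and the NAS recomputes that hash with its own copy of the secret. The secret values, packet identifier and attribute contents below are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code for Access-Accept (RFC 2865)


def response_authenticator(code, ident, request_auth, attributes, secret):
    """MD5(Code | ID | Length | RequestAuth | Attributes | Secret), RFC 2865 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_reply(code, ident, request_auth, attributes, secret):
    """Server side: sign the reply using the server's copy of the shared secret."""
    auth = response_authenticator(code, ident, request_auth, attributes, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attributes)) + auth + attributes


def nas_accepts(reply, request_auth, secret):
    """NAS side: recompute the authenticator using the NAS's copy of the secret."""
    if len(reply) < 20:
        return False  # shorter than a RADIUS header
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply):
        return False  # length field does not match the packet
    expected = response_authenticator(code, ident, request_auth, reply[20:], secret)
    return hmac.compare_digest(expected, reply[4:20])


def demo():
    """Sign one reply, then verify it with three NAS-side secrets (all constructed)."""
    request_auth = bytes(range(16))       # constructed 16-byte Request Authenticator
    attrs = bytes([18, 9]) + b"Welcome"   # Reply-Message (type 18), length 2 + 7
    reply = build_reply(ACCESS_ACCEPT, 1, request_auth, attrs, b"Key4Lab!")
    return {
        "identical": nas_accepts(reply, request_auth, b"Key4Lab!"),
        "case differs": nas_accepts(reply, request_auth, b"key4lab!"),
        "trailing space": nas_accepts(reply, request_auth, b"Key4Lab! "),
    }


if __name__ == "__main__":
    for label, ok in demo().items():
        print(f"{label:15s} -> reply {'accepted' if ok else 'discarded'}")
```

A NAS that fails this check discards the reply, so a key that differs only in case or carries a pasted trailing space appears to the user as an authentication timeout rather than a rejected password.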

Configuring the NAS


Step 1   Type an optional Enable Secret password that can be used in addition to the Enable password. Click Next. The Access Server Configuration window opens.

Step 2   Click Next. The NAS Configuration window opens. Review the information in the scrolling window. This information is the minimum Cisco IOS AAA configuration requirement for the NAS.

Step 3   Select the following options as needed to configure your NAS:

  • Click Telnet Now? to Telnet to the IP address that you entered in the Network Access Server Details window. The NAS configuration is automatically copied to the clipboard and can be pasted directly into the NAS configuration file. See your Cisco IOS documentation for more information.
  • Click Print to make a copy of the sample configuration. Review the printed copy before you Telnet to the NAS.
  • Click Next to continue without configuring a NAS. The Cisco Secure ACS Service Initiation window opens.

Completing Setup


Step 1   Select or clear the following options, as desired:

  • Yes, I want to start the Cisco Secure ACS Service now

Note      The service must be running to access the Cisco Secure ACS web-based interface.


  • Yes, I want Setup to launch Cisco Secure ACS Administrator from my browser following installation
  • Yes, I want to view the readme file

Note      The readme file contains additional important information.


Click Next. The Setup Complete window opens.

Step 2   To complete installation of Cisco Secure ACS, click Finish. Setup creates an icon labeled ACS Admin on the desktop, providing a shortcut to the Cisco Secure ACS HTML interface in the default web browser. If you selected the "launch" option in Step 1, your browser launches and Cisco Secure ACS opens. If you selected the "readme" option in Step 1, the readme file opens.

Starting Cisco Secure ACS

To start Cisco Secure ACS, double-click the ACS Admin icon to start a browser with the URL for ACS Admin. You can also access Cisco Secure ACS in an existing web browser by entering http://IP address:2002. For example, http://172.16.0.1:2002.


Note      To access Cisco Secure ACS from a computer other than the Cisco Secure ACS server, you must have an administrative account.



Note      To administer Cisco Secure ACS from outside a firewall, the firewall must permit HTTP traffic over the port range specified in HTTP Port Allocation in Administration Control: Access Policy.