Table of ContentsInstalling Cisco Secure ACS 2.5 for Windows 2000/NT Server
Installing the Software
Configuring the NAS
Starting Cisco Secure ACS
Note Before beginning, read the Read Me First: Cisco Secure ACS 2.5 for Windows 2000/NT Server Getting Started card and complete its "Information You Need" section.
|Caution If an earlier version of Cisco Secure ACS is installed, back up data to another server before installation. If errors occur during install, run Clean.exe from the Cisco Secure ACS CD-ROM as described in the readme file or release notes, and then re-run Setup.|
Step 1 Log in as the local system administrator to the server on which you are installing Cisco Secure ACS.
Step 2 Insert the Cisco Secure ACS CD-ROM into your CD-ROM drive. The Installation window opens.
Step 3 Click Install.
Step 4 In the Software License Agreement window, read the agreement; click Accept to agree to the licensing terms and conditions. The Welcome window opens.
Step 5 Click Next. The Before You Begin window opens.
Step 6 Verify that each condition is met, and select the check box for each item. Click Next. (Click Explain for information on the listed items. If any condition is not met, click Cancel to exit Setup.) If this is a new installation, skip to Step 9<Xref_Color>.
Step 7 If Cisco Secure ACS is already installed, the Previous Installation window asks if you want to remove the previous version and save the existing database information. To keep the existing data, select the Yes, keep existing database check box. To use a new database, click to clear the check box.
Step 8 If Setup finds a configuration, it asks if you want to import the configuration. To keep the existing configuration, select the Yes, import configuration check box. To use a new configuration, click to clear the check box.
Step 9 To install the software in the default directory, click Next. To use a different directory, click Browse and enter the directory to use. If the directory does not exist, Setup asks if you want to create it. Click Yes. The Authentication Database Configuration window opens.
Step 10 Click the option button(s) for the authentication database(s) to be used by Cisco Secure ACS:
Step 11 To limit dial-in access to only those users you specified in Windows NT User Manager or in Windows 2000 Active Directory Users and Computers, click Yes, reference "Grant dialin permission to user" setting.
Step 12 Complete the following information. (Review the Read Me First: Cisco Secure ACS 2.5 for Windows 2000/NT Server Getting Started quick reference card.)
- Authenticate Users Using. Type of security protocol to be used. TACACS+ (Cisco) is the default.
- Access Server Name. Name of the NAS that will be using Cisco Secure ACS services.
- Access Server IP Address. IP address of the NAS that will be using Cisco Secure ACS services.
- Windows NT Server IP Address. IP address of this Windows NT server.
- TACACS+ or RADIUS Key. Shared secret of the NAS and Cisco Secure ACS. These passwords must be identical to ensure proper function and communication between the NAS and Cisco Secure ACS. Shared secrets are case sensitive.
Step 13 Click Next. The Interface Configuration window opens.
Step 14 Select the check box to enable any or all options listed. Interface Configuration options are disabled by default.
Note Configuration options for these items appear in the Cisco Secure ACS interface only if they are enabled. You can disable or enable any or all of these and additional options after installation in the Interface Configuration: Advanced Options window.
Step 15 To enable the Cisco Secure ACS monitoring service, select the Enable Log-in Monitoring check box, and then select the script to execute when the login process fails the test:
Step 16 If you do not want to configure a NAS from Setup, click Next. and skip to the Completing Setup section.
Step 1 Type an optional Enable Secret password that can be used in addition to the Enable password. Click Next. The Access Server Configuration window opens.
Step 2 Click Next. The NAS Configuration window opens. Review the information in the scrolling window. This information is the minimum Cisco IOS AAA configuration requirement for the NAS.
Step 3 Select the following options as needed to configure your NAS:
- Click Telnet Now? to Telnet to the IP address that you entered in the Network Access Server Details window. The NAS configuration is automatically copied to the clipboard and can be pasted directly into the NAS configuration file. See your Cisco IOS documentation for more information.
- Click Print to make a copy of the sample configuration. Review the printed copy before you Telnet to the NAS.
- Click Next to continue without configuring a NAS. The Cisco Secure ACS Service Initiation window opens.
Step 1 Select or clear the following options, as desired:
Step 2 To complete installation of Cisco Secure ACS, click Finish. Setup creates an icon labeled ACS Admin on the desktop, providing a shortcut to the Cisco Secure ACS HTML interface in the default web browser. If you selected the "launch" option in Step 1, your browser launches and Cisco Secure ACS opens. If you selected the "readme" option in Step 1, the readme file opens.
To start Cisco Secure ACS, double-click the ACS Admin icon to start a browser with the URL for ACS Admin. You can also access Cisco Secure ACS in an existing web browser by entering http:// IP address:2002. For example, http://172.16.0.1:2002.
Note To access Cisco Secure ACS from a computer other than the Cisco Secure ACS server, you must have an administrative account.
Note To administer Cisco Secure ACS from outside a firewall, the firewall must permit HTTP traffic over the port range specified in HTTP Port Allocation in Administration Control: Access Policy.