Guest

Cisco Secure Access Control Server for Windows

Quick Installation: CiscoSecure ACS 2.3 for Windows NT Server

 Feedback

Table of Contents

Quick Installation Card
CiscoSecure ACS 2.3 for Windows NT Server

Installing the Software
Configuring the NAS
Completing Setup
Starting CiscoSecure ACS

Quick Installation Card
CiscoSecure ACS 2.3 for Windows NT Server



Note:      Make sure you have already followed the instructions on the Read Me First: CiscoSecure ACS 2.3 for Windows NT Server Getting Started card. To install this product correctly, you must be very familiar with Microsoft Internet Information Server (IIS) and Secure Socket Layer (SSL).


Installing the Software


Note:      Close all Windows programs before you run Setup.


1. Insert the CiscoSecure ACS 2.3 for Windows NT Server CD into your CD-ROM drive. The Installation window opens.

2. Click Install. The Software License Agreement window opens.

3. Read the Software License Agreement; click Accept to agree to the licensing terms and conditions. The Welcome window opens.

4. Click Next. The Before You Begin window opens.

5. Verify that each condition is met, then click the check box for each item. Click Next. (Click Explain for more information on the listed items. If any condition is not met, click Cancel to exit Setup.) The Choose Destination Location window opens.

6. (Optional) If an earlier version of CiscoSecure ACS is installed, Setup asks if you want to remove the previous version and save the existing database information. To keep the existing data, click:

Yes, keep existing database

To use a new database, clear the check box.

7. To install the software in the default directory, click Next. To use a different directory, click Browse and enter the directory to use. If the directory does not exist, it is created. The Authentication Database Configuration window opens.

8. Click the option button(s) for the authentication database(s) to be used by CiscoSecure:

­ Check the CiscoSecure ACS Database only (default)

­ Also check the Windows NT User Database

If you select the first option, CiscoSecure ACS will use only the CiscoSecure ACS database; if you select the second option, CiscoSecure ACS will check both databases.

9. (Optional) To limit dial-in access to only those users you specified in the Windows NT User Manager, click:

Yes, reference "Grant dialin permission to user" setting

Click Next. The Network Access Server Details window opens.

10. Complete the following information. (Review the CiscoSecure ACS 2.3 for Windows NT Server Getting Started quick reference card.)

­ Authenticate Users Using—Type of security protocol to be used. TACACS+ (Cisco) is the default.

­ Access Server Name—Name of the NAS that will be using the CiscoSecure ACS services.

­ Access Server IP Address—IP address of the NAS that will be using the CiscoSecure ACS services.

­ Windows NT Server IP Address—IP address of this Windows NT server.

­ TACACS+ or RADIUS Key—Shared secret of the NAS and CiscoSecure ACS. These passwords must be identical to ensure proper function and communication between the NAS and CiscoSecure ACS. Shared secrets are case-sensitive.

When you have finished entering all the information, click Next. The Enable Secret Password window opens.

11. (Optional) Enter an Enable Secret password that can be used in addition to the Enable password. Click Next. Setup then copies the CiscoSecure ACS files to the Windows NT hard disk. The Access Server Configuration window opens.

12. If you do not want to configure a NAS from Setup, click Next. The CiscoSecure ACS Service Initiation window opens. Skip to the "Completing Setup" section.

To configure a single NAS now, click:

Yes, I want to configure Cisco IOS now

Click Next.

Configuring the NAS

1. If you selected Yes, I want to configure Cisco IOS now, the Access Server Configuration window opens. Click Next. The NAS Configuration window opens.

2. Review the information in the scrolling window. This information is the minimum Cisco IOS AAA configuration requirement for the NAS.

3. Select one of the following options:

­ Click Telnet Now? to Telnet to the IP address that you entered in the NAS Details window. The NAS configuration is automatically copied to the clipboard and can be pasted directly into the NAS configuration file. See your Cisco IOS documentation for more information.

­ Click Print to make a copy of the sample configuration. Review the printed copy before you Telnet to the NAS.

­ Click Next to continue without configuring a NAS.

4. Click Next. The Interface Configuration window opens. The Interface Configuration options are disabled by default. Click the check box to enable any or all of the options listed.


Note:      Configuration options for these items are displayed in the CiscoSecure ACS interface only if they are enabled. You can disable or enable any or all of these options after installation in the Interface Configuration: Advanced Options window.


5. Click Next. The Active Service Monitoring window opens. To enable the CiscoSecure ACS monitoring service, CSMon, check the Enable Log-in Monitoring check box, then click one of the following options:

­ AllRestarts all CiscoSecure ACS services

­ RADIUS/TACACS+—Restarts just the protocol modules

­ Reboot—Reboots the Windows NT server.


Note:      You can also develop your own scripts to be executed upon failure. See the Online Documentation for more information.


To have CiscoSecure ACS generate an e-mail message when administrator events occur, check the Enable Mail Notifications check box, then enter the following information:

­ SMTP Mail Server—Enter the name and domain of the sending mail server; for example, server1.company.com

­ Mail account to notify—Enter the complete e-mail address of the intended recipient; for example, msmith@company.com

6. Click Next. The CiscoSecure ACS Service Initiation window opens.

Completing Setup

1. In the Service Initiation window, check one or more of the following options:

­ Yes, I want to start the CiscoSecure ACS Service now


Note:      The service must be running to access the CiscoSecure ACS web-based interface.


­ Yes, I want Setup to launch the CiscoSecure ACS Administrator from my browser following installation

­ Yes, I want to view the readme file


Note:      The readme file contains additional important information.


2. Click Next. The Setup Complete window opens.

3. Click Finish. Installation of CiscoSecure ACS is complete. An icon labeled ACS Admin is created on the Windows NT desktop. This is a shortcut to the CiscoSecure ACS program associated with your browser. If you selected the "launch" option in step 1, your browser launches and CiscoSecure ACS opens. If you selected the "readme" option in step 1, the readme file opens.

Starting CiscoSecure ACS

To start CiscoSecure ACS, double-click the ACS Admin icon to launch a browser with the URL for ACS Admin, or enter:

http:// IP address:2002

For example:


Note:      Each remote administrator must have remote administration access permission.