ACS: How to import policies?

Hi everyone,

ACS 5.8 added the option of exporting policies to a repository, yet I haven't seen any interface to import those policies into ACS. Furthermore, they are exported encrypted which makes them completely unreadable from an auditing standpoint. Any chance they can be decrypted outside of ACS?

Have a good weekend :)


Hi Hod,

You can decrypt the exported XML file using the encryption password to perform a quick analysis of the ACS configuration and identify any errors. You must have an administrator account with SuperAdmin role to export policies from the ACS web interface.

Regards,

~JG


Hi Jagdeep,

I read that in the guide, and yet I haven't found how these can be imported back if at all. Was the purpose of exporting policies for auditing rather than backup? That's odd considering users and NASes can be exported as encrypted or not, and imported, whereas policies exporting doesn't allow null encryption nor importing. Why would it be designed this way?


Hi Hod,

I see your point and no doubt it's kind of odd. I guess the idea behind this was just to make it more secure. ACS policies are more sensitive/critical and carry more weight than network devices. Any unauthorized access to security policy will cause more damage than network devices info.

Regards,

~JG

Do rate helpful posts


Hi,

Keep in mind that even entire support bundles can be performed with null encryption and transferred from ACS via TFTP, so backing up policies shouldn't force mandatory security if they can be inferred easily from logs.

How can I post optional encryption and importing of policies as a feature request for future ACS versions?

Thanks!


Hi,

Do we have policies in the support bundle? Again, any unauthorized access to a security policy will cause more damage than unauthorized access to a support bundle.

To add this feature you need to contact your accounts team from Cisco and they will process it further, but chances are you will hear the same thing.


Regards,

~JG


Hi

I have exported the policy to my remote repository, but I just can't seem to decrypt it. I am never prompted to type in the password. Can you give me a hint of how to do this?

thanks

I


thanks!!! works great.


In 5.8 patch 4, it appears you can avoid encryption. However, I haven't seen an answer to your original question. Can you import the XML file? I'm interested because I have a lab setup that I would like to import all of the policy data from production ACS deployment. Time saver!!


Hi Jwsirktwc,

We have no option to import the XML file in the ACS.

Thanks

VenkataKrishna

Please rate helpful posts and mark correct answers.
