cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2765
Views
1
Helpful
10
Replies

ACS: How to import policies?

Nadav
Level 7
Level 7

Hi everyone,

ACS 5.8 added the option of exporting policies to a repository, yet I haven't seen any interface to import those policies into ACS. Furthermore, they are exported encrypted which makes them completely unreadable from an auditing standpoint. Any chance they can be decrypted outside of ACS?

Have a good weekend :)

1 Accepted Solution

Accepted Solutions

 

Hi,

Do we have policies in support bundle? Again any unauthorized access of security policy will cause more damage than of unauthorized access of support bundle.

To add this feature you need to contact your accounts team from Cisco and they will process it further but chances are you will hear same thing.


Regards,

~JG

View solution in original post

10 Replies 10

Jagdeep Gambhir
Level 10
Level 10

Hi Hod,

You can decrypt the exported XML file using the encryption password to perform a quick analysis of the ACS configuration and identify any errors. You must have an administrator account with SuperAdmin role to export policies from the ACS web interface.

Regards,

~JG

Hi Jagdeep,

I read that in the guide, and yet I haven't found how these can be imported back if at all. Was the purpose of exporting policies for auditing rather than backup? That's odd considering users and NASes can be exported as encrypted or not, and imported, whereas policies exporting doesn't allow null encryption nor importing. Why would it be designed this way?

Hi Hod,

I see your point and no doubt it’s kind of odd. I guess idea behind this was just to make it more secure. ACS policies are more sensitive/critical and carry more weight than network devices. Any unauthorized access to security policy will cause more damage than network devices info.

Regards,

~JG

Do rate helpful posts

Hi,

Keep in mind that even entire support bundles can be performed with null encryption and transfered from ACS via TFTP, so backing up policies shouldn't force mandatory security if they can be inferred easily from logs. 

How can I post optional encryption and importing of policies as a feature request for future ACS versions?

Thanks!

 

Hi,

Do we have policies in support bundle? Again any unauthorized access of security policy will cause more damage than of unauthorized access of support bundle.

To add this feature you need to contact your accounts team from Cisco and they will process it further but chances are you will hear same thing.


Regards,

~JG

Hi

I have exported the policy to my remote repository, but I just cant seem to decrypt it. I am never prompted to type in the password. Can you give me a hint of how to do this ?

thanks

I

thanks!!! works great.

jwsirktwc
Level 1
Level 1

In 5.8 patch 4, it appears you can avoid encryption.  However, I haven't seen an answer to your original question.  Can you import the XML file?  I'm interested because I have a lab setup that I would like to import all of the policy data from production ACS deployment.  Time saver!!

Hi Jwsirktwc,

We have no option to import the xml file in the ACS .

Thanks

VenkataKrishna

Please rate helpful posts and mark correct answers.