cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1371
Views
10
Helpful
3
Replies

Posture Validation on ACS 5.3

ComstorFR
Level 1
Level 1

Hi

Can anyone tell me if it's possible to enable Posture validation on ACS 5.3.

If so, could I have a link or a procedure for implementation ?

best regards

2 Accepted Solutions

Accepted Solutions

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

ACS 5.3 does not perform posture validation, like 4.2 did. That was known as nac framework and Cisco has dedicated appliance (Cisco clean access - cisco.com/go/nac) and a new appliance which uses radius and is a hybrid of ACS 5 and nac called ISE (cisco.com/go/ise).

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

Hi,

You bring up a very interesting point, however from my experience with supporting and working with ACS there isnt any posture validation configuration that I know of, also in the user guide there isnt a posture validation section that I have seen. I am wondering if this is a documentation bug to see if this needs to be addressed.

If you look at the migration mapping found here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/migration/guide/Appendix_B_Config_Mapping.html

There is an "N/A" for posture validation on ACS 5.x

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

3 Replies 3

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

ACS 5.3 does not perform posture validation, like 4.2 did. That was known as nac framework and Cisco has dedicated appliance (Cisco clean access - cisco.com/go/nac) and a new appliance which uses radius and is a hybrid of ACS 5 and nac called ISE (cisco.com/go/ise).

Thanks,

Tarik Admani
*Please rate helpful posts*

Hi Tarik,

Thank you for your reply

but why  some links like this, it appears that ACS5.3 can activate posture validation

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/data_sheet_c78-683481.pdf

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/ACSuserguide.pdf

So what can we do to get this feature with ACS 5.3 (1121-K9). can  we migrate to ISE 1.0? our customer is not a ATP certified and therefore can not buy ISE

Hi,

You bring up a very interesting point, however from my experience with supporting and working with ACS there isnt any posture validation configuration that I know of, also in the user guide there isnt a posture validation section that I have seen. I am wondering if this is a documentation bug to see if this needs to be addressed.

If you look at the migration mapping found here:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/migration/guide/Appendix_B_Config_Mapping.html

There is an "N/A" for posture validation on ACS 5.x

Thanks,

Tarik Admani
*Please rate helpful posts*