Solved: Hi

Nadav · ‎10-29-2015

Hi everyone,

ACS 5.8 added the option of exporting policies to a repository, yet I haven't seen any interface to import those policies into ACS. Furthermore, they are exported encrypted which makes them completely unreadable from an auditing standpoint. Any chance they can be decrypted outside of ACS?

Have a good weekend :)

Jagdeep Gambhir · ‎11-01-2015

Hi,

Do we have policies in support bundle? Again any unauthorized access of security policy will cause more damage than of unauthorized access of support bundle.

To add this feature you need to contact your accounts team from Cisco and they will process it further but chances are you will hear same thing.

Regards,

~JG

View solution in original post

Jagdeep Gambhir · ‎10-31-2015

Hi Hod,

You can decrypt the exported XML file using the encryption password to perform a quick analysis of the ACS configuration and identify any errors. You must have an administrator account with SuperAdmin role to export policies from the ACS web interface.

Regards,

~JG

Nadav · ‎10-31-2015

Hi Jagdeep,

I read that in the guide, and yet I haven't found how these can be imported back if at all. Was the purpose of exporting policies for auditing rather than backup? That's odd considering users and NASes can be exported as encrypted or not, and imported, whereas policies exporting doesn't allow null encryption nor importing. Why would it be designed this way?

Jagdeep Gambhir · ‎10-31-2015

Hi Hod,

I see your point and no doubt it’s kind of odd. I guess idea behind this was just to make it more secure. ACS policies are more sensitive/critical and carry more weight than network devices. Any unauthorized access to security policy will cause more damage than network devices info.

Regards,

~JG

Do rate helpful posts

Nadav · ‎11-01-2015

Hi,

Keep in mind that even entire support bundles can be performed with null encryption and transfered from ACS via TFTP, so backing up policies shouldn't force mandatory security if they can be inferred easily from logs.

How can I post optional encryption and importing of policies as a feature request for future ACS versions?

Thanks!

Jagdeep Gambhir · ‎11-01-2015

Hi,

Do we have policies in support bundle? Again any unauthorized access of security policy will cause more damage than of unauthorized access of support bundle.

To add this feature you need to contact your accounts team from Cisco and they will process it further but chances are you will hear same thing.

Regards,

~JG

larsen_2011 · ‎05-03-2016

Hi

I have exported the policy to my remote repository, but I just cant seem to decrypt it. I am never prompted to type in the password. Can you give me a hint of how to do this ?

thanks

I

Nadav · ‎05-03-2016

Here's the hint:

http://www.cyberciti.biz/tips/linux-how-to-encrypt-and-decrypt-files-with-a-password.html

larsen_2011 · ‎05-04-2016

thanks!!! works great.

jwsirktwc · ‎07-20-2016

In 5.8 patch 4, it appears you can avoid encryption. However, I haven't seen an answer to your original question. Can you import the XML file? I'm interested because I have a lab setup that I would like to import all of the policy data from production ACS deployment. Time saver!!

vthaluru · ‎07-21-2016

Hi Jwsirktwc,

We have no option to import the xml file in the ACS .

Thanks

VenkataKrishna

Please rate helpful posts and mark correct answers.

ACS: How to import policies?