This document talks about availability of the Daylight Savings Time (DST) configuration on the Cisco Access Control System 5.x series appliance.
Since the new Cisco Access Control System 5.x series appliances, namely, model 1120 and 1121 are running Linux as OS, it is different than previous ACS 4.x series Solution Engines. ACS 4.x has Windows 2000/2003 as OS, which already has support for Daylight Savings Time (DST).
The actual concern with not having a DST functionality on the ACS 5.x is, it would affect the Active Directory connection, Log time stamps in the Monitoring & Reporting section, and to some extent, on EAP-TLS certificate validity.
Currently there is no option to enable Daylight Saving Time on any of the ACS 5.x series appliances. This has been raised as an enhancement request in the bug CSCtr77935.
Meanwhile, till the enhancement request is added in the upcoming versions of the ACS 5.x, we can manually change the time on the ACS 5.x server from the CLI. Here is a step by step configuration to change the time on the ACS 5.x:
1. SSH to the ACS 5.x using ssh version 2.
2. Run the following to check the current time on the ACS:
acs5/admin# show clock
Thu Mar 15 01:32:50 EDT 2012
3. Now, use the clock set command to change the time:
Note: This will require restart of the ACS services and will affect the new authentications. Please take a downtime if required.
acs5/admin# clock set Mar 15 02:34:00 2012
Clock was modified. You must restart ACS.
Do you want to restart ACS now? (yes/no) yes
Stopping Management and View.......................
Starting ACS ....
To verify that ACS processes are running, use the
'show application status acs' command.
3. Ensure that all the services have come up properly. It takes 2-3 minutes for the services to come up. In case all the services did not come up, please contact Cisco TAC immediately.
acs51/admin# show application status acs
ACS role: PRIMARY
Process 'database' running
Process 'management' running
Process 'runtime' running
Process 'adclient' running
Process 'view-database' running
Process 'view-jobmanager' running
Process 'view-alertmanager' running
Process 'view-collector' running
Process 'view-logprocessor' running
4. Check the updated time on the ACS:
acs51/admin# show clock
Thu Mar 15 02:40:47 EDT 2012
CLI Reference Guide for Cisco Secure Access Control System 5.3
I'm trying to create a control-plane ACL on the outside interface of one of our FTDs that's being managed by FDM. The following was pasted into the flexconfig template field: access-list CPLANE extended permit tcp host VPN_Client_IP host VPN_Server_I...
I have a Cisco ASA running 7.14. I have 2 WAN interfaces and a separate SSL vpn pointed to each WAN address. I have purchased 2 trusted certs and installed them. Is there a way to assign the correct cert to each AnyConnect profile? vpn.<company.co...
Hi Team,In my org, we are using Anyconnect IPsec-IKEv2 for all remote users and now we have to plan to have this integrated with DUO or Azure AD. So wanted to check whether with IKEv2, will it work or should I need to enable SSL as well ?
Hi all, Is there a way to restrict cisco anyconnect vpn user to access specific network IP range?Currently existing user connect vpn with cisco anyconnect and we only have one public IP dedicated for this purposes. user enter AD password and ID ...