10-29-2015 01:25 PM - edited 03-10-2019 11:12 PM
Hi everyone,
ACS 5.8 added the option of exporting policies to a repository, yet I haven't seen any interface to import those policies into ACS. Furthermore, they are exported encrypted which makes them completely unreadable from an auditing standpoint. Any chance they can be decrypted outside of ACS?
Have a good weekend :)
10-31-2015 11:34 AM
Hi Hod,
You can decrypt the exported XML file using the encryption password to perform a quick analysis of the ACS configuration and identify any errors. You must have an administrator account with SuperAdmin role to export policies from the ACS web interface.
Regards,
~JG
10-31-2015 01:00 PM
Hi Jagdeep,
I read that in the guide, and yet I haven't found how these can be imported back if at all. Was the purpose of exporting policies for auditing rather than backup? That's odd considering users and NASes can be exported as encrypted or not, and imported, whereas policies exporting doesn't allow null encryption nor importing. Why would it be designed this way?
10-31-2015 05:37 PM
Hi Hod,
I see your point and no doubt it’s kind of odd. I guess the idea behind this was just to make it more secure. ACS policies are more sensitive/critical and carry more weight than network devices. Any unauthorized access to security policy will cause more damage than network devices info.
Regards,
~JG
Do rate helpful posts
11-01-2015 12:07 AM
Hi,
Keep in mind that even entire support bundles can be performed with null encryption and transferred from ACS via TFTP, so backing up policies shouldn't force mandatory security if they can be inferred easily from logs.
How can I post optional encryption and importing of policies as a feature request for future ACS versions?
Thanks!
11-01-2015 01:51 AM
Hi,
Do we have policies in the support bundle? Again, any unauthorized access to security policy will cause more damage than unauthorized access to a support bundle.
To add this feature you need to contact your accounts team from Cisco and they will process it further, but chances are you will hear the same thing.
Regards,
~JG
05-03-2016 12:14 PM
Hi
I have exported the policy to my remote repository, but I just can't seem to decrypt it. I am never prompted to type in the password. Can you give me a hint of how to do this?
thanks
I
05-03-2016 02:42 PM
05-04-2016 02:30 AM
thanks!!! works great.
07-20-2016 01:19 PM
In 5.8 patch 4, it appears you can avoid encryption. However, I haven't seen an answer to your original question. Can you import the XML file? I'm interested because I have a lab setup that I would like to import all of the policy data from production ACS deployment. Time saver!!
07-21-2016 02:17 AM
Hi Jwsirktwc,
We have no option to import the XML file in ACS.
Thanks
VenkataKrishna
Please rate helpful posts and mark correct answers.