07-09-2018 02:34 AM - edited 02-21-2020 07:57 AM
Hi. I am currently using Cisco ACS 5.8 and am setting up vulnerability scanners in my environment.
I would like to ask is there any way to set IP address filtering, or any similar feature to allow my scanner to do an authenticated scan. Specifically referring to only the CLI client.
07-09-2018 08:58 AM
If you're asking about not requiring authentication from only the IP address of the scanner then no - I don't believe you can do that.
Many scanners will allow you to provide credentials to use (or try) with the targeted networks. You could use that and make the credentials used a local (or external identity store) account in your ACS.
07-12-2018 12:20 AM
Hi Marvin,
Yes I have actually created an account for the scanner to use for the purpose of scanning. However, somehow I am getting unauthenticated scan, which simply means that scanner can ping the ACS, but not able to scan with the credentials. Something else is blocking.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide