Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
749
Views
0
Helpful
2
Replies

Cisco ACS IP address filtering

skyswords
Level 1
Level 1

‎07-09-2018 02:34 AM - edited ‎02-21-2020 07:57 AM

Hi. I am currently using Cisco ACS 5.8 and am setting up vulnerability scanners in my environment. 

I would like to ask is there any way to set IP address filtering, or any similar feature to allow my scanner to do an authenticated scan. Specifically referring to only the CLI client. 

0 Helpful
2 Replies 2

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-09-2018 08:58 AM

If you're asking about not requiring authentication from only the IP address of the scanner then no - I don't believe you can do that.

 

Many scanners will allow you to provide credentials to use (or try) with the targeted networks. You could use that and make the credentials used a local (or external identity store) account in your ACS.

0 Helpful

skyswords
Level 1
Level 1
In response to Marvin Rhoads

‎07-12-2018 12:20 AM

Hi Marvin,

 

Yes I have actually created an account for the scanner to use for the purpose of scanning. However, somehow I am getting unauthenticated scan, which simply means that scanner can ping the ACS, but not able to scan with the credentials. Something else is blocking. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card