IBM Tivoli and Cisco User Manual


Chapter 7. Network enforcement subsystem implementation


5. The action should be Allow and the protocol should be All (Figure 7-99).

Figure 7-99 Rules for untrusted to trusted

6. Select the group you created (AllowAll) from the first drop-down menu. Select Untrusted -> Trusted from the second drop-down menu. Click Add Policy.

7. This rule allows access from the Auth VLAN to the Security Compliance Manager. Set the following parameters:

Action: Allow
State: Enabled
Category: IP
Protocol: TCP
Untrusted: 192.168.20.0/255.255.255.0:*
Trusted: 192.168.9.220/255.255.255.255:*
Description: Allow access to Security Compliance Manager

8. Click Add Policy.

9. Repeat step 7, changing Trusted to 192.168.104.10 and Description to Allow Access to TCM.

10. Repeat step 7, changing Protocol to ICMP and Type to Any for both the Security Compliance Manager and Tivoli Configuration Manager.
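
The rules entered in steps 7, 9 and 10 can be modelled offline to confirm what the Auth VLAN can and cannot reach. This is an added example, not part of the manual or of either product; the first-match, default-deny evaluation, the host mask on the TCM address, the ICMP endpoint form and the sample flows are assumptions.

```python
import ipaddress

# Rules as entered in steps 7, 9 and 10. The /255.255.255.255:* suffix on the
# TCM address and the endpoint form used for ICMP are assumptions of this sketch.
AUTH_VLAN = "192.168.20.0/255.255.255.0:*"
SCM = "192.168.9.220/255.255.255.255:*"
TCM = "192.168.104.10/255.255.255.255:*"
RULES = [
    ("Allow", "TCP", AUTH_VLAN, SCM),
    ("Allow", "TCP", AUTH_VLAN, TCM),
    ("Allow", "ICMP", AUTH_VLAN, SCM),
    ("Allow", "ICMP", AUTH_VLAN, TCM),
]

def parse_endpoint(spec):
    """Split 'address/netmask:port' into (network, port); '*' is any port."""
    addr, sep, port = spec.rpartition(":")
    if not sep:
        raise ValueError(f"missing ':port' in {spec!r}")
    # strict=True rejects entries whose host bits fall outside the netmask
    return ipaddress.ip_network(addr, strict=True), port

def side_matches(spec, ip, port):
    """True if ip is inside the rule's network and the port is permitted."""
    net, want = parse_endpoint(spec)
    return ipaddress.ip_address(ip) in net and (want == "*" or want == str(port))

def evaluate(proto, src, sport, dst, dport, rules=RULES):
    """Return the first matching rule's action; default deny is assumed."""
    for action, rproto, untrusted, trusted in rules:
        if rproto != proto:
            continue
        if proto == "ICMP":  # ICMP has no ports; compare addresses only
            sport = dport = "*"
        if side_matches(untrusted, src, sport) and side_matches(trusted, dst, dport):
            return action
    return "Deny"

if __name__ == "__main__":
    # Constructed flows: (protocol, source, source port, destination, dest port)
    flows = [
        ("TCP", "192.168.20.57", 49152, "192.168.9.220", 443),
        ("ICMP", "192.168.20.57", None, "192.168.104.10", None),
        ("TCP", "192.168.20.57", 49152, "192.168.9.221", 443),
        ("UDP", "192.168.20.57", 49152, "192.168.9.220", 53),
    ]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
```

Because both sides use `*` for the port, the model allows every TCP port on the two server addresses from any host in the Auth VLAN; only the destination address and protocol narrow the rule.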