beautypg.com

Network environments and administrative sessions, Administrative sessions and http proxy – Cisco 3.3 User Manual

Page 70

background image

Chapter 1 Overview

Cisco Secure ACS HTML Interface

1-30

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

If SSL is enabled and you do not specify HTTPS, Cisco Secure ACS redirects the
initial request to HTTPS for you. Using SSL to access the login page protects
administrator credentials. For more information about enabling SSL to protect
administrative sessions, see

Access Policy, page 12-11

.

From the computer running Cisco Secure ACS, you can also use the following
URLs:

http://127.0.0.1:2002

http://hostname:2002

where hostname is the hostname of the computer running Cisco Secure ACS. If
SSL is enabled, you can specify the HTTP protocol in the URLs:

https://127.0.0.1:2002

https://hostname:2002

Network Environments and Administrative Sessions

We recommend that administrative sessions take place without the use of an
HTTP proxy server, without a firewall between the browser and Cisco Secure
ACS, and without a NAT gateway between the browser and Cisco Secure ACS.
Because these limitations are not always practical, this section discusses how
various network environmental issues affect administrative sessions.

This section contains the following topics:

Administrative Sessions and HTTP Proxy, page 1-30

Administrative Sessions through Firewalls, page 1-31

Administrative Sessions through a NAT Gateway, page 1-31

Administrative Sessions and HTTP Proxy

Cisco Secure ACS does not support HTTP proxy for administrative sessions. If
the browser used for an administrative session is configured to use a proxy server,
Cisco Secure ACS sees the administrative session originating from the IP address
of the proxy server rather than from the actual address of the computer.
Administrative session tracking assumes each browser resides on a computer with
a unique IP.