Network environments and administrative sessions, Administrative sessions and http proxy – Cisco 3.3 User Manual
Page 70
Chapter 1 Overview
Cisco Secure ACS HTML Interface
1-30
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
If SSL is enabled and you do not specify HTTPS, Cisco Secure ACS redirects the
initial request to HTTPS for you. Using SSL to access the login page protects
administrator credentials. For more information about enabling SSL to protect
administrative sessions, see
.
From the computer running Cisco Secure ACS, you can also use the following
URLs:
•
http://127.0.0.1:2002
•
http://hostname:2002
where hostname is the hostname of the computer running Cisco Secure ACS. If
SSL is enabled, you can specify the HTTP protocol in the URLs:
•
https://127.0.0.1:2002
•
https://hostname:2002
Network Environments and Administrative Sessions
We recommend that administrative sessions take place without the use of an
HTTP proxy server, without a firewall between the browser and Cisco Secure
ACS, and without a NAT gateway between the browser and Cisco Secure ACS.
Because these limitations are not always practical, this section discusses how
various network environmental issues affect administrative sessions.
This section contains the following topics:
•
Administrative Sessions and HTTP Proxy, page 1-30
•
Administrative Sessions through Firewalls, page 1-31
•
Administrative Sessions through a NAT Gateway, page 1-31
Administrative Sessions and HTTP Proxy
Cisco Secure ACS does not support HTTP proxy for administrative sessions. If
the browser used for an administrative session is configured to use a proxy server,
Cisco Secure ACS sees the administrative session originating from the IP address
of the proxy server rather than from the actual address of the computer.
Administrative session tracking assumes each browser resides on a computer with
a unique IP.