

Cisco ACS 5.2: cannot select default access policy to deny access if rules are not matched

Posted on 2011-05-11
Medium Priority
Last Modified: 2012-05-11
I have 3 policies on Cisco ACS 5.2:

1 - allow users in the vpn AD group to have access if protocol = RADIUS and device type = ASA; service = VPN
2 - allow users in the domain to have access if protocol = RADIUS; service = Default Network Access
3 - allow access if protocol = TACACS; service = Default Device Admin

At the bottom of the Access Policy - Service Selection Policy screen there is an option: "Default policy: if no rules defined or no enabled rule matches, deny access."
There is a check box beside this option.
I cannot check this box. How do I enable this to prevent users that do not match the rules above from gaining access?

Question by: schristo

Accepted Solution

erdelgad earned 2000 total points
ID: 35748177

I think you need to understand how ACS 5.x works.

The authentication will first check the service selection rule; once on the rule, it will check the identity policy and finally the authorization rules.

If you want to restrict based on AD group or any other condition, that has to be done in the authorization rules, saying that if you match this xxx AD group, allow access; if not, match the default.

I always suggest having the default set to deny access, and that can be done by clicking Default.

Erick Delgado
ACS specialist.
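The evaluation order the accepted answer describes (service selection, then identity policy, then authorization rules, with a default rule at the end) can be illustrated with a small simulation. The following is an added example written for this page, not Cisco ACS code and not anything the poster or answerer supplied: the rule tables, the `authenticated` flag standing in for the identity policy result, the device type strings and the AD group names ("NetworkAdmins" in particular) are all constructed assumptions. It reproduces the questioner's three rules the way the answer says they should be split: service selection keys only on protocol and device type, while the AD group conditions live in the per-service authorization rules whose default result is DenyAccess.

```python
# Toy model (constructed for this page, not Cisco code) of the ACS 5.x
# evaluation order: service selection -> identity policy -> authorization.
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    protocol: str                 # "RADIUS" or "TACACS" (constructed values)
    device_type: str              # network device type, e.g. "ASA" (assumption)
    user: str
    ad_groups: frozenset          # AD groups returned by the identity store
    authenticated: bool = True    # stand-in for the identity policy outcome


# Stage 1: service selection. These rules see only request and device
# attributes, never the user's AD groups, so a group restriction cannot
# live here. Entries are (service name, match function); first match wins.
SERVICE_SELECTION_RULES = [
    ("VPN", lambda r: r.protocol == "RADIUS" and r.device_type == "ASA"),
    ("Default Network Access", lambda r: r.protocol == "RADIUS"),
    ("Default Device Admin", lambda r: r.protocol == "TACACS"),
]

# Stage 3: authorization rules per service. The group conditions from the
# question go here. "NetworkAdmins" is an assumed group for the example.
AUTHORIZATION_RULES = {
    "VPN": [(lambda r: "vpn" in r.ad_groups, "PermitAccess")],
    "Default Network Access": [(lambda r: "Domain Users" in r.ad_groups, "PermitAccess")],
    "Default Device Admin": [(lambda r: "NetworkAdmins" in r.ad_groups, "PermitAccess")],
}

# The "Default" authorization rule, set to deny as the answer recommends.
DEFAULT_RESULT = "DenyAccess"


def select_service(req):
    """Stage 1: return the first matching service, or None (implicit deny)."""
    for service, match in SERVICE_SELECTION_RULES:
        if match(req):
            return service
    return None


def authorize(req, service):
    """Stage 3: first matching authorization rule, else the default rule."""
    for match, result in AUTHORIZATION_RULES.get(service, []):
        if match(req):
            return result
    return DEFAULT_RESULT


def evaluate(req):
    """Run all three stages; return (service, result) so the caller can see
    which stage produced a denial."""
    service = select_service(req)
    if service is None:
        return (None, "DenyAccess")
    if not req.authenticated:          # stage 2: identity policy failed
        return (service, "DenyAccess")
    return (service, authorize(req, service))


# Constructed sample requests.
VPN_USER = Request("RADIUS", "ASA", "alice", frozenset({"Domain Users", "vpn"}))
PLAIN_USER_ON_ASA = Request("RADIUS", "ASA", "bob", frozenset({"Domain Users"}))
PLAIN_USER_ON_SWITCH = Request("RADIUS", "Switch", "bob", frozenset({"Domain Users"}))
TACACS_USER = Request("TACACS", "Switch", "bob", frozenset({"Domain Users"}))
BAD_PASSWORD = Request("RADIUS", "ASA", "alice", frozenset({"Domain Users", "vpn"}),
                       authenticated=False)
UNKNOWN_PROTOCOL = Request("LDAP", "Server", "bob", frozenset({"Domain Users"}))

if __name__ == "__main__":
    samples = [("VPN_USER", VPN_USER), ("PLAIN_USER_ON_ASA", PLAIN_USER_ON_ASA),
               ("PLAIN_USER_ON_SWITCH", PLAIN_USER_ON_SWITCH), ("TACACS_USER", TACACS_USER),
               ("BAD_PASSWORD", BAD_PASSWORD), ("UNKNOWN_PROTOCOL", UNKNOWN_PROTOCOL)]
    for name, req in samples:
        print(name, evaluate(req))
```

The instructive case is `PLAIN_USER_ON_ASA`: service selection still picks the VPN service, because the request is RADIUS from an ASA, and it is the authorization default rule, not the service selection default, that turns a user outside the vpn group away. That is why the greyed-out service selection default the questioner was looking at is not the control for this requirement.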

Expert Comment

ID: 35951018
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
