Trend Micro, Inc.

April 2009


Trend Micro Policy Server for Cisco NAC


This readme file is current as of the date above. However, all customers are advised to check Trend Micro's Web site for documentation updates at

Register online with Trend Micro within 30 days of installation to continue downloading new pattern files and product updates from the Trend Micro Web site. Register during installation, or online at

Trend Micro is always seeking to improve its documentation. Your feedback is always welcome. Please evaluate this documentation on the following site:



  1. About Trend Micro Policy Server for Cisco Network Admission Control (NAC)

  2. Document Set

  3. System Requirements

  4. Installation

  5. Post-installation Configuration

  6. Known Issues

  7. Contact Information

  8. About Trend Micro

  9. License Agreement


1. About Trend Micro Policy Server for Cisco Network Admission Control (NAC)

Cisco Network Admission Control (NAC) provides a means to communicate and evaluate the status of antivirus components of OfficeScan clients. This helps you enforce your organizations antivirus policies by giving you the ability to perform actions on at-risk clients. These actions include instructing clients to update their OfficeScan client components, enable Real-time scan, and perform Scan Now and Cleanup Now.

Back to top



2. Document Set

The document set for Policy Server includes:

Back to top



3. System Requirements

   3.1. Policy Server

Operating system:


Web server:

Web console:


   3.2. Cisco Trust Agent

Operating system


Others: Windows Installer 2.0 or later


   3.3. Supported platforms and requirements

Supported Platform


IOS Images

Minimum Memory/Flash


Cisco 830, 870 series

831, 836, 837

IOS 12.3(8) or later


Cisco 1700 series

1701, 1711, 1712, 1721, 1751, 1751-V, 1760

IOS 12.3(8) or later


Cisco 1800 series


IOS 12.3(8) or later


Cisco 2600 series

2600XM, 2691

IOS 12.3(8) or later


Cisco 2800 series

2801, 2811, 2821, 2851

IOS 12.3(8) or later


Cisco 3600 series

3640/3640A, 3660-ENT series

IOS 12.3(8) or later


Cisco 3700 series

3745, 3725

IOS 12.3(8) or later


Cisco 3800 series

3845, 3825

IOS 12.3(8) or later


Cisco 7200 series

720x, 75xx

IOS 12.3(8) or later



VPN Concentrators

Cisco VPN 3000 Series

3005 - 3080

V4.7 or later




Cisco Catalyst 2900

2950, 2970

IOS 12.1(22)EA5


Cisco Catalyst 3x00

3550, 3560, 3750

IOS 12.2(25)SEC


Cisco Catalyst 4x00

Supervisor 2+ or higher

IOS 12.2(25)EWA


Cisco Catalyst 6500

6503, 6509, Supervisor 2 or higher

CatOS 8.5 or later

Sup2 - 128MB
Sup32 - 256MB
Sup720 - 512MB


Wireless Access Points

Cisco AP1200 Series




Back to top



4. Installation

To install Policy Server for Cisco NAC using the Policy Server installer:

  1. Log on to the computer to which you will install Policy Server for Cisco NAC.

  2. Locate the Policy Server for Cisco NAC installer package on the Enterprise DVD.

  3. Double-click setup.exe to run the installer package.

  4. Follow the installation instructions.

To install Policy Server for Cisco NAC from the OfficeScan server master installer:

  1. In the "Install Other OfficeScan Programs" screen of the OfficeScan server master installer, select Policy Server for Cisco NAC.

  2. Click Next.

  3. Continue with OfficeScan server installation until the Welcome screen for Trend Micro Policy Server for Cisco NAC appears.

  4. Click Next. The Policy Server for Cisco NAC License Agreement screen appears.

  5. Read the agreement and click Yes to continue. The Choose Destination Location screen appears.

  6. Modify the default destination location if necessary by clicking Browse and selecting a new destination for the Policy Server installation.

  7. Click Next. The Web Server screen appears.

  8. Choose the Web server for the Policy Server.

  1. Click Next. The Web Server Configuration screen appears.

  2. Configure the following information:

  1. If you selected to install Policy Server on an IIS server, select one of the following:

  1. Next to Port, type a port that will serve as the server listening port. When the Policy Server and OfficeScan server are on the same computer and uses the same Web server, the port numbers are as follows:

  1. If you selected to install Policy Server on an IIS server, you can use Secured Socket Layer (SSL). Type the SSL port number and the number of years to keep the SSL certificate valid (the default is 3 years). If you enable SSL, this port number will serve as the server�s listening port. The Policy Server�s address is as follows:

  1. Click Next.

  2. Specify the Policy Server console password and click Next.

  3. Specify the ACS Server authentication password and click Next.

  4. Review the installation settings. If satisfied with the settings, click Next to start the installation. Otherwise, click Back to go to the previous screens.

  5. When the installation completes, click Finish. The OfficeScan server master installer will continue with the rest of the OfficeScan server installation.

Back to top



5. Post-installation Configuration

 Configure Policy Server settings using the Web console immediately after completing the installation. Access the Policy Server Web console from the OfficeScan Web console or from the Start menu by clicking Programs > Trend Micro Policy server for Cisco NAC > Policy Server Console. For detailed instructions, refer to the OfficeScan Administrator's Guide and the Policy Server Help.

Back to top



6. Known Issues

The following are the known issues in this release:

  1. If the computer is running Windows 2003, disable the Internet Explorer Pop-up blocker to view client validation logs from the Policy Server Web console.

  2. Authentication between the ACS server and the Policy Server will fail when Policy Server is installed on IIS 5.0 on a Domain Controller computer with Active Directory.

  3. If the OfficeScan server and Policy Server are installed on the same computer, and the master installer installs Apache as the Web server, both OfficeScan and Policy Server use the same Apache installation. Therefore, uninstalling either OfficeScan server or Policy Server removes the Apache installation, which renders the remaining server (OfficeScan or Apache) inoperable.

  4. If the client user uninstalls the Cisco Trust Agent through Windows Control Panel > Add/Remove Programs, the Cisco Trust Agent version information of the client still appears in the client tree.

  5. If the you forget the user name and password configured during Policy Server setup for the ACS server to access the Policy Server, the password cannot be recovered. You must use IIS or Apache utilities to recreate a user name and password.

  6. The "Policy Server List" that appears on the Policy Server screen of the OfficeScan Web console adds any server you configure without  checking whether or not the server information is correct.

  7. When the Cisco Trust Agent (CTA) program needs to be updated, all existing CTAs must be removed and a new package must be deployed again to all the client computers.

  8. Internet Server Application Programming Interface (ISAPI) does not work on Apache Web server versions 2.0.56 to 2.0.59 and versions 2.2.3 to 2.2.4.

Back to top



7. Contact Information

A license to the Trend Micro software usually includes the right to product updates, pattern file updates, and basic technical support for one (1) year from the date of purchase only. After the first year, Maintenance must be renewed on an annual basis at Trend Micro's then-current Maintenance fees.

You can contact Trend Micro via fax, phone, and email, or visit us at

Evaluation copies of Trend Micro products can be downloaded from our Web site.


Global Mailing Address/Telephone numbers

For global contact information in the Asia/Pacific region, Australia and New Zealand, Europe, Latin America, and Canada, refer to

The Trend Micro "About Us" screen displays. Click the appropriate link in the "Contact Us" section of the screen.

Note: This information is subject to change without notice.

Back to top



8. About Trend Micro

Trend Micro, Inc. provides virus protection, anti-spam, and content-filtering security products and services. Trend Micro allows companies worldwide to stop viruses and other malicious code from a central point before they can reach the desktop.

Copyright 2004-2009, Trend Micro Incorporated. All rights reserved. Trend Micro, the t-ball logo and OfficeScan are trademarks of Trend Micro Incorporated and are registered in some jurisdictions. All other product or company names may be trademarks or registered trademarks of their owners.

Back to top



9. License Agreement

Information about your license agreement with Trend Micro can be viewed at


Back to top