I had to spend a complete day figuring out which internet browser works well with ACS 5.2. The issue came to my notice when I was testing the config example of “Dynamic VLAN assignment with ACS 5.2”. Under Access Policies, in the Identity section, I could not configure the required settings (cannot select Identity Source, etc.) as described in that Cisco doc. Here is the screenshot of the “Access Policies > Identity” section of ACS 5.2 from my Firefox client on my Windows 7 laptop. As you can see, there is no way of selecting the identity source.
I used Firefox as my preferred browser & configured it to update itself when updates are available. My Firefox version was 18.0.1 at the time of testing. Initially I tried an alternative browser, IE 9.0. It had a completely different issue: it could not connect to ACS due to “Certificate Error: Navigation blocked”. Then I tried another browser, Chrome ver 24.0.x, which had a little success. The Identity section worked, but not the Authorization section. Then I thought it may be a bug in ACS 5.2, so I downloaded the latest patch (5-2-0-26-11) & applied it to the server. Still no luck with this, so I thought of giving it a try to reconfigure the ACS from its default config. You can do this with one CLI command: acs reset-config. After reconfiguring the ACS, I was in the same position, with the same behavior as before. After all that, I searched the Cisco support forum & found the post below, which indicates that the issue I am experiencing is client browser related.
https://supportforums.cisco.com/thread/2171204
Unfortunately the post describes ACS 5.3 (which I cannot go with, as the CCIE lab exam demands ACS 5.2). It also does not specify which browser version worked for them.
The Release Notes of ACS 5.2 claim that the following browsers are supported.
Since none of those 3 browsers worked on my Windows 7 laptop, I decided to go back to my old PC, which is running Windows XP SP3. It had IE 8.0 & Firefox 18.0.1 on it. It had the same issue that I am having with my Windows 7 laptop. I tried to downgrade the IE version to 6.0 & 7.0 (doing this is another painful exercise, as the Control Panel Add/Remove Programs option sometimes does not work for this). Still no luck getting this working. Finally I decided to downgrade the Firefox version on my PC & randomly selected 10.0 to go with (as Firefox 3.0 seems to be too old). That was the trick: with that version everything seems to work fine & I was able to configure this as described in the config example document. Here is the screenshot of the same page with Firefox 10.0.
From the lab exam perspective I do not think this is going to be an issue, as Cisco would provide a compatible browser version to work with ACS 5.2. But from the point of view of candidates (who study for the lab exam), they need a good understanding of this sort of weird behavior, as it costs them lots of valuable study time.
Since Firefox 10.0 is working for me, I am sticking with that version to work with ACS 5.2 until I clear CCIEW-v2.0. Other, later versions may work, but I do not have time to spend trialling them, as it does not give me any value (compared to the time I would have to spend on it).
Hi, I have exactly the same issue now. With IE I am getting a certificate error. With FF I am unable to see the full page. Almost the whole day is lost as well.
Really, really painful waste of time. I am currently on FF v 24.0.
Do I really have to go back to v 10?
our ACS is 5.1
thanks
I know FF v10 works without any problem. Maybe 11.x or 12.x may be supported. I did not test & verify.
If you get time, use the trial & error method & decide what the latest version of Firefox that supports ACS 5.1 is. Otherwise go for FF 10, which is working 100%.
HTH
Rasika
Ok I have a silly question here.
I don’t know anything about ACS and have never used it before, so my question is: which version can I use? On cisco.com I see two options, one for Windows and another called “Cisco Secure Access Control System”. Do I need an appliance for this? Can I use my laptop?
I know it wasn’t just one silly question.
Hi Daniel,
You do not want to have an appliance for this; you can simply install this on a VM (I am using a Dell OptiPlex 745 with 4G RAM for WCS, ACS, AD/DHCP on the same box).
The Windows version supports ACS 4.x & if you want to go with ACS 5.x then it should be on a Linux platform.
You have to go to “Cisco Secure Access Control System” & then select the .iso file to install. V5.4 is the latest.
HTH
Rasika
Thanks Rasika, I’m going to try with the 5.4 version. Just one question: can I download the ISO file and it boots? Or do I first need to install Linux on my desktop and after that install the ISO file? I was thinking of Ubuntu.
If you could install ESX (VMware) on your desktop, then you can install the ACS application using the iso file downloaded from Cisco. That’s what I did.
HTH
Rasika
I got the “Certificate Error: Navigation blocked” error with my IE8 last night. After some digging I found out it was due to (in my case) a short certificate hash in the ACS. Tried to reset the management cert in acs-config to no avail. I had to temporarily modify my test laptop's Windows registry to allow for weak signatures, so I got GUI access back and created a proper (1024 bit) self-signed certificate for management access. All good now.
Hi Roy,
Thanks for your update & workaround detail. This should help others.
Rasika
This can be fixed by using Compatibility View Settings in IE.
And for the certificate error – you should install the ACS certificate in IE Trusted Root Certification Authorities.