Cisco Security Manager - Integration with LMS/DCR
Following on from my posts in:
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&topicID=.ee71a02&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc16e9f
How do I configure CSM so that I get the option to "Add Device from DCR" rather than having to export/import the devices manually?
Many thanks
Any ideas?
Similar Messages
-
Cisco Security Manager integration with ACS
Has anybody got this working yet.
I have tried but as yet have been unsucessful in registering csm with the ACS server.
I am following the the instructions however, nothing seems to work all i get is failed to registar.
Any help would be appreciated
Regards
JasonCheck out this link...
http://www.cisco.com/en/US/products/ps6498/prod_troubleshooting_guide_chapter09186a00806e23e3.html -
Cisco call manager integration with mediant
How can we add and integrate mediant with cisco call manager ?
Can you have doc for this kind of setup ?Hi Sachin,
We do run a hybrid Callmanager to Nortel Meridian setup (works well).
Here are some great docs;
Cisco Unified CallManager
Case Study: Nortel 61C PBX to Cisco IP Telephony Migration
From this good doc;
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_white_paper09186a00801115e0.shtml
Nortel Meridian PBX and Cisco CallManager Integration
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_configuration_example09186a008011888c.shtml
Cisco Unified CallManager System Guide, Release 4.2(1)
Cisco DPA Integration
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_administration_guide_chapter09186a008055cd53.html
Hope this helps! Let me know if you need additional info.
Rob -
Cisco Security Manager Local RBAC Authentication Radius assign user role
Is it possible to use Cisco Security Manager with local RBAC, authenticate the user to Radius and retrieve it's role from Radius. Getting the authentication to work isn't the problem, but is it also possible to return the role the user has (i.e. Super Admin) via Radius, without having to create all the users one-by-one in the local CSM database with the correct role.
Can i use a certain Cisco-AV-Pair attribute to return the user role via Radius?I just got asked to look at the same situation by one of our security people.
We have exactly the same problem but it reports a username of "*****" and we are running CSM 4.7 (upgraded last week) -
Cisco Security Manager (CSM) License Problem
Hi All,
We have CSM V3.2 with Professional license edition and support 50 devices. It's installed properly in the Cisco Security Manager client as appeared in the attachement but the problem is in the server administration- license management which doesn't include any records for license (see attachment).
I tried to upload the .lic file by clicking the Update button in server administration but an error message appeared stated that the license file is corrupted although it's installed properly in CSM client!!!
Could you please advise what's the problem and what should I do?
Thanks in Advance!Sorry but Cisco seems to have removed that product bulletin from cisco.com.
Your reseller can use Cisco Commerce Workspace (CCW) to order the correct part number for your CSM installation. There is a unique number for each licensing level and/or upgrade.
For instance, for a 10-device standard license, the support would be part number CON-SAS-CSMST10K.
For the 100-device Pro license, the support would be CON-SAS-CSMPR4K9.
The reseller needs to adjust the support term (12-60 months) to suit when ordering. -
Import Network host objects to Cisco Security Manager
Is it possible to import complete lists of Network Hosts objects to Cisco Security Manager?
Exporting the hosts already defined in the ASAs is easy but how to import them in CSM??
ThanksNo hostnames discovered go the Policy Object Manager (nor to the Access rules), only group-names (there's a bug in ASAs related to single host names too). The way CSM handles single hosts is previously creating them, so when we later discover devices, the single hosts names set in the discovered device are not considered, only their IP addresses; then you can see that in the discovered access rules CSM shows the hostname as the previously defined ones in the Policy Object Manager. If you dont define those hostnames before the device discovery, you will only see IP addresses, no hostnames, no matter they are set in your firewalls.
Imagine discovering a couple FWSM modules with 500 access rules, and you only get to see the IP addresses of the 2,500 hosts on your network. And you have all those hosts already defined in your FWSM firewalls, when you log via ASDM you view your hard created rules with hostnames, and when you log to CSM you only view IP addresses. The clients get very disappointed with CSM after that, and discard it. The bigger the network, the faster they reject CSM.
The only way to add hosts in the Policy Object Manager is 1 by 1. But as this may have happened to more than one company and considering how easy it is to code a feature like that, I assume that it's possible to import a complete list of single hosts to CSM.
is that really possible? it should be.
thanks for the replies so far -
Does anybody know how to work effectively with security manager and filtering?
It is extremely time consuming and frustrating to work with Cisco Security Manager in regards to search for entries or filter. I have not been able to find some kind of global search, is there?
How do other people cope with this?It appears to have been a temporary issue as the backup is running fine again now... closing the thread.
-
Cisco Security Manager evaluation
How to download CSM software for evaluation ? CSM Q&A state -
Anybody with a valid cisco.com account can download Cisco Security Manager and use the software for up to
90 days in evaluation mode. Visit http://www.cisco.com/go/csmanager and select the “Download Software”
But when I click "Download" I get "To Download this software, you must have a valid service contract associated to your Cisco.com user ID."
Help, plz.
BR, Oleg.You can contact your local AM to get an evaluations version, this is related to the new 'restricted' downloaded access on CCO. You need to have a service contract assocaited for that 'specific' product to download software (I know it does not make sense in case of an evaluation).
And you also have the following alternate:
Note:
This download does not include CiscoWorks Resource Manager Essentials (RME). For customers that wish to also evaluate CiscoWorks RME or that prefer a media format rather than a large download, an evaluation DVD can be ordered from Cisco Marketplace. At http://www.cisco.com/pcgi-bin/marketplace/welcome.pl, navigate to the Collateral and Subscriptions Store and search for part number EVAL-CSMGR-4.0.
Regards
Farrukh -
Hi,
I'm looking into Cisco Security Manager. From what I understand you can monitor and manage Cisco security appliances. I'm interested in the monitoring of our Cisco ASAs - specifically, monitoring VPN sessions and their trending over months at a time and I would like to monitor other Cisco devices on the network for link problems/performance and such - I don't want to use Cisco Security Manager as a management point. Would Cisco Security Manager not be the right tool for this?
We have SolarWinds and I've heard that you can assign UnDPs(Device Pollers) to devices you want to monitor, including ASAs and these pollers can give you trending for VPN sessions with graphing. I just want to make the most of our budget dollars.
Any advice?
Thanks, Pat.CSM 4.3 and above can be used to monitor VPN sessions on Cisco ASAs. You can definitely use CSM as a monitoring only solution for ASAs (without using it for management). You can also explicitly disable policy change privileges for all admins so they do not modify stuff by mistake. Note however that CSM is primarily focused on end-to-end management scenarios (including policy change, troubleshooting, reporting, etc). So you may not find all the bells and whistles in CSM for monitoring scenarios that you may find with some of the pure monitoring only solutions.
-
Failed to setup Velocity Engine ... in Cisco Security Manager
Anyone having problems trying to validate syntax in a FlexConfig in Cisco Security Manager?
CSM version 4.4.0 SP2
Java 1.6.0_14-b08
I have heard that there are issues with earlier versions of Java.
I have also heard that this problem was fixed in CSM
Any ideas anyone?
AdrianI believe this is where you need to run CSM Configuration Manager as Administrator. I had that issue, and I think the note about this is in the Install Guide.
HTH
Paul -
FlexConfigs in Cisco Security Manager 3.2.1 SP1
Hi,
I have a problem with Cisco Security Manager 3.2.1 SP1 (fresh intall).
When I create a FlexConfig with any IP AUDIT commands or VPDN (for PPPoE config) every time I deploy the configurations in file the flexconfig is repeated in the configuration. The behavior is the same on PIX and ASA configuration.
If I deploy 20 times my devices than I'll have 20 times the same line in the configuration !
Any way to solve that problem in CSM??
The server is Win 2003 Standard English and there's absolutely nothing else than CSM installed on it...so??Hello,
I'm having the same problem for one of our customers! but flexconfig didn't work!
Can you please be more specific what exactly you did! Flex config doens't remove generated command it's adding the no crypto ca enroll 'trustpoint name' after the generated crypto ca enroll 'trustpoint name'
I've been also looking for related bugs but didn't find any!
Regards -
Cisco Security Manager 3.2.1 Sp1 and Public Key Infrastructure
Hi, all!
Recently I created configuration on PIX (FOS 7.2.4) with Cisco Security Manager 3.2.1 Sp1 to allow to work with certificate-based authentication of VPN connections. CSM created necessary commands (and unfortunately many necessary commands left unsupported too). But every time I upload new configuration (even with untouched PKI configuration) CSM adds following command - "crypto ca enroll CA-NAME noconfirm".
Right now I created FlexConfig which just do "no crypto ca....". And it works. But is there more clean solution? Why do I need to enroll every deployment?
Wait for answers.
With best regards
MaximHello,
I'm having the same problem for one of our customers! but flexconfig didn't work!
Can you please be more specific what exactly you did! Flex config doens't remove generated command it's adding the no crypto ca enroll 'trustpoint name' after the generated crypto ca enroll 'trustpoint name'
I've been also looking for related bugs but didn't find any!
Regards -
Install Cisco Security Manager 4.7 on Hyper-V
Hello,
Our customer want to install Cisco Security Manager on a Virtual Machine virtualized with Hyper-V. Documentation only mentions install the software on a Virtual Machine on Vmware systems.
Can we install without problems, and the installation will be supported on TAC if we need open a support case?
Best Regards,
DavidWhile it should work (since CSM is basically an application running on a Windows server), it is not a system that meets the requirements of the Installation Guide.
So... if the TAC found an issue related to that setup when you needed their help, they'd be within their rights to say your installation is unsupported. -
Installing Cisco Security Manager
I would like to uninstall and reinstall my Cisco Security Manager 3.0 since 3.1 has been taken off the market for the time being.
Is there a step by step process that I would have to take to install this with standard install, Service packs and patches?
In a nutshell, I would like to do a complete reinstall and be fully operational when completed.
ThanksCisco Security Manager (Security Manager) enables you to configure, deploy, and manage services and policies on Cisco security devices. With Security Manager, you can provision VPN and firewall services across multiple, different device types, including IOS routers, firewall devices (PIX and ASA), Catalyst 6500/7600 devices, and Catalyst security services modules (VPN, FWSM, and so on). On some device types, you can also provision platform-specific settings such as QoS, SNMP, and routing, even though these settings are not necessarily security settings.
-
Cisco Security Manager IOPS for Storage (VM Deployent)
Hi,
I've been asked by a client about the Cisco Security Manager requirement to have 1TB of storage for events and another for archiving.
They wish to know the IOPS requirement for this storage. Please could anyone assist in this ?
Many thanks,
MarkHi,
I'm not sure that I can really help you, but I can verify that on my CSM 4.5 server which is running normally, that service has a starup type of automatic and is in the "Started" state.
You may want to check your system and application event logs to see if there are any messages that could explain why it stopped.
Regards,
Matt
Maybe you are looking for
-
Getting error in installtion of R/3 4.7
Hi, Please find the encl.and help me for installation Getting error when creating SAP license (post processing) TRACE receiving on port 21212 TRACE sending on port 21213 TRACE host name is pun6061 TRACE effective user corresponds to real user TRACE A
-
How to copy billing plan details of main item to all its sub-items...
In the sales order, we have main item and sub-items. The main item is a project item and it has a billing plan which gets copied from the project. Now the requirement is to copy the same billing plan(of the mainitem) to all its subitems- billing date
-
Hi, I have created one new parameter Group in existing area level and function .Other parameter group already exist for that function. Tried to trasport parameter group using UPC_TRANSPORT_BPS_ALL . Filled following PLANNING AREA PLANNING LVL PLANN
-
Hi, My requirement is to change route based on the forwarding agent available in the Purhcase order based on one custom table. Now my question is which user exit i can use to get the Forwarding agent details so that same can be used. I want to get th
-
I can't find some installed apps after upgraded to iOS6.0.1 by sync from iTunes
I can't find some of installed apps after upgraded to iOS6.0.1 by sync fom iTunes. when i try to download them from app store again, it shows OPEN button only but not INSTALL button. is there anyone got this problem too? I use iPhone 4s.