Cisco Works Network Compliance Manage NCM

I'm working on the Cisco Works Network Compliance Manager.
I would like to add a device which is behind a firewall.
For this I use the option bastion host to authen. on the firewall and
to get access to the device self.
The problem is the firewall is not listing  to the port 22/23, it a different port number
like example 1234.
Is it possible to change the port  manually in a configfile, as the webinterface has no option for this  ?
I use the version 1.7.1 the latest one.

Both Prime and LMS can do baseline compliance, after a fashion. LMS's is much more mature in my estimation. Prime is more around the lines of deploying templates.
The regulatory compliance functions as of now are in only LMS's Compliance and Audit Manager (CAAM) function. It's quite useful, matching the baseline compliance features.
An LMS license is included with PI, but it does need to be on its own server (or separate VM).

Similar Messages

  • Network Compliance Manager (NCM) custom policies

    Is it possible to get to NCM to run a command script and then reference results to determine policy compliance.  I'm looking to validate SNMP v3 users, which do not show up in a running config.  I need to run "show snmp users" and have NCM react to the output.  Any ideas? 

    You can see the current policie in the system by selecting the Policies tab along the top (3rd one over).
    Under that you have 'Policy List'.  It will show all the policies in the system.
    From there you can click 'View / Edit' on any policy.
    Within each policy you'll see Policy Rules and one or more Rule Names.  You can click View & Edit action to see the individual rule.

  • Does Cisco Prime have a replacement product for NCM or Network Compliance Manager?

    Does the Cisco Prime application development team have a product that replaces the NCM or Network Compliance Manager?

    Both Prime and LMS can do baseline compliance, after a fashion. LMS's is much more mature in my estimation. Prime is more around the lines of deploying templates.
    The regulatory compliance functions as of now are in only LMS's Compliance and Audit Manager (CAAM) function. It's quite useful, matching the baseline compliance features.
    An LMS license is included with PI, but it does need to be on its own server (or separate VM).

  • CS Mars, Cisco Works and Security Manager

    If we wanted to get all three applications, do cisco bundle it into one package? Or does it have to be purchased separately?

    do we need a NetFlow card or is the service implemented by default in Cat4500. Is MARS & CSM suitable solution for main configuring, incident monitoring and evaluation of ASA5520 & Cat4500?
    Yes, you need WS-F4531= card (Netflow is not available in Cat IOS as a service/command), which works with Cat 4500 Sup IV/V.
    MARS is a monitoring device, and CSM is a management device. You can get critical NBA (Network Behaviour Analysis) alerts from MARS, and from CSM you can get configuration backups/audit/bulk administration (of security devices only).
    Hope that helps.

  • Question about Cisco Works LMS 3.2

    Hi Mr Joe Clarke,
    Can CiscoWorks 3.2 discover and monitor non-Cisco devices too? Non-cisco brands such as Hirschmann, 3com and HP.

    RME and the Health and Utilization Monitor add-on can do some monitoring of non-Cisco devices, but LMS is designed for Cisco-only networks.  Managing non-Cisco devices will give you very limited functionality, and will count against your overall license.

  • What changes does Network Access Manager have to do into Windows to work fine?

    We are deploying the Network Access Manager in Windows machines to work in 802.1x cenario with CISCO ISE.  In some machines NAM doesn't work well. What Windows 7 features does NAM module have to interact with Operational System?

    We solved the issues with a custom package made with WISE and we deployed it with Microsoft SCCM.
    SCCM works with a System Account to install applications and we deduced that issues happened because the account privileges to install AnyConnect in some machines was not enough.
    Thanks for all.

  • Cisco's AnyConnect Network Access Manager (NAM)

    Hi dears,
    I configurate EAP_FAST in Cisco ISE and want wired users authenticate from ISE. I install Network Access Manager Profile Editor and Cisco Anyconnect Security Mobility Client on PC. I configure Network Access Manager  when i want to save as that I did not see the . \newConfigFiles folder. Then I did that: Organize’, ‘Folder and Search Options’, ‘Show hidden files, folders, and drives. but in this case i did see the network access manager folder.
    I need a to install Cisco’s AnyConnect Network Access Manager (NAM) on PC. HOW  I get this soft? I have a smartnet for ISE. 
    Which email address(to cisco) i must be write to get this soft?
    Thanks.

    You can download the Network Access Manager module from CCO.  This link should work if you have a CCO account.
    http://software.cisco.com/download/release.html?mdfid=283000185&softwareid=282364313&release=3.1.05160&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rs
    The file name will be similar to anyconnect-win-3.1.05160-pre-deploy-k9.iso.  Just unzip the ISO with 7zip or Winrar and you will see the NAM msi file  anyconnect-nam-win-3.1.05149-k9.msi.

  • Cisco application networking manager license file - unable copy to server

    Hi all
    We tried all the options like ftp,tftp,scp,etc., to copy cisco application networking manager license file from my pc to its server which has CISCO ADE OS .But unable to copy .can anybody know correct method to copy ??
    Thanks & Regards
    Sanjeevi

    Adrian,
    In order to install the license you must have a license file on the ANM server and install it through the command line:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/installation/guide/IG_config.html#wpmkr1120937
    No other way to do it.
    License file can either be copied to the ANM file system, or you can create a new empty license file on it and copy paste the license file content.
    If you have no access to the ANM server through CLI, then a workaround might be:
         - install a new VMWARE machine where you have CLI access.
         - install ANM on it
         - copy license (other you copy the file through any means or you create a file and edit by copy pasting the license file content)
         - install license with the command  /opt/CSCOanm/bin/anm-license install /path/ANMxxxxxxxxxxxxxxxxx.lic as described in the link above
         - save the VMware image
         - deploy the same VMWare image to the ESX where it has to be installed and where you have no access to CLI neither you can copy a file.
    Hope this helps,
    Domenico.

  • Cisco Works Daemon Manager Service down after deleting Syslog files

    Dears,
         Cisco Works Daemon Manager Service is not comiing up after deleting the syslog.log files from NMSroot, al other services are comes up except this.
    please help ...
    Rgds
    Aslam

    Not sure what is happening, but I see several services that should be started by the daemon manager, that are already started!!
    You best stop them, make sure the services are set to manual except daemon manager, tftp syslog and rcp who are automatic.
    Then I suggest to reboot server. If the daemon manager still can start run the resetcasuser.exe  in \CSCOpx\setup\support\   and try again.
    Cheers,
    Michel

  • Cisco Prime Specific NTP Servers by Compliance Management

    Gets,
    I have the following NTP servers configured on different switches
    ntp server 192.168.1.1
    ntp server 10.10.10.10 key 1
    ntp server 12.12.12.12
    ntp server 13.13.13.13 key 1
    ntp server 14.14.14.14 key 30
    The correct NTP servers are only 10.10.10.10 and 192.168.1.1. The problem is that as you see, the IP addresses of the NTP servers are very generic, meaning that in my large network, I may find any other NTP server.
    Can you develop a code to run by Compliance Management to exclude any unneeded NTP servers ? It is required that the code catches any IP address and any key that is not matching the first two servers.

    Gets,
    I have the following NTP servers configured on different switches
    ntp server 192.168.1.1
    ntp server 10.10.10.10 key 1
    ntp server 12.12.12.12
    ntp server 13.13.13.13 key 1
    ntp server 14.14.14.14 key 30
    The correct NTP servers are only 10.10.10.10 and 192.168.1.1. The problem is that as you see, the IP addresses of the NTP servers are very generic, meaning that in my large network, I may find any other NTP server.
    Can you develop a code to run by Compliance Management to exclude any unneeded NTP servers ? It is required that the code catches any IP address and any key that is not matching the first two servers.

  • Cisco Works NCM Driver for Cisco IPS/IDS

    Hi,
         Does anybody happen to know if there are drivers for the Cisco Works NCM that support Cisco IDS/IPS devices?
    Thanks!!

    http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_book09186a00807a8a2a.html
    your vendor is on crack
    you can do any think you want .... but depends how many ports you have on the IPS
    If you get an ips 4215 w/ 4 fastethernet ports you can do any combination

  • Ask The Expert: Understanding, Implementing, and Troubleshooting Cisco Prime Network

    Ask questions and learn about Cisco Prime Network with Cisco experts Vignesh Rajendran Praveen and Jaminder Singh Bali.
    Cisco Prime Network is and  Cisco Prime Network provides cost-effective device operation, administration and network fault management for today’s complex and evolved programmable networks (EPNs). It is a single solution to support both the traditional physical network components, as well as compute infrastructure, and the virtual elements found in data centers. Automated configuration and change management combined with advanced troubleshooting and diagnostics greatly help service providers enable proactive service assurance. Additionally, the flexible and extensible architecture is designed to support the multivendor environment, helping to lower operational costs.
    This event runs January 5 through January 16, 2015.
    Vignesh Rajendran Praveen is a High Touch Engineer with the Focused Technical Services team supporting Cisco's major Service Provider customers in Routing, Switching, Multiprotocol Label Switching (MPLS) technologies and Cisco Prime Network related issues. Previously at Cisco he has worked as a Network Consulting Engineer for Enterprise Customers and as a Customer Support Engineer for Service Provider customers. He has been in the networking industry for ten years and holds CCIE certification (#34503) in the Routing and Switching as well as Service Provider tracks.
    Jaminder Singh Bali is a Customer Support Engineer working in SP-NMS TAC team, supporting Cisco's major service provider customers in Cisco Prime Network, Performance and Prime Central related issues. His areas of expertise include Oracle, Linux and NMS applications. He has been in the industry for past six years.
    Remember to use the rating system to let the experts know if you have received an adequate response. 
    The Experts might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation in Network Infrastructure community, sub-community, LAN, Switching and Routing discussion forum shortly after the event. This event lasts through January 16, 2015. Visit this forum often to view responses to your questions and the questions of other community members.

    Hello Jerome,
    A variety of Cisco devices are supported by the the Cisco Prime Network. I would encourage you to go through the below links on the user guide depending the version of Cisco Prime Network being used.
    "Cisco Prime Network Supported Cisco Virtual Network Elements (VNEs)"
    "Cisco Prime Network Supported Cisco VNEs - Addendum"
    Below is the link for the user guide.
    http://www.cisco.com/c/en/us/support/cloud-systems-management/prime-network/products-user-guide-list.html
    Hope this would help in providing you more clarity.
    ***********Plz do rate this post if you found it helpful*************************
    Thanks & Regards,
    Vignesh R P

  • Ask the Expert: C-Series Integration with Cisco Unified Computing System Manager

    Welcome to the Cisco Support Community Ask the Expert conversation. This conversation is an opportunity to learn and ask questions about Cisco C-Series Integration with Cisco Unified Computing System® Manager (Cisco UCS® Manager) with Cisco experts Vishal Mehta and Manuel Velasco.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (Cisco IMC). When a C-Series rack-mount server is integrated with Cisco UCS Manager, the IMC no longer manages the server. Instead you will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager command-line interface (CLI).
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management. The following are the connectivity modes:
    Dual-wire management (shared LAN On Motherboard [LOM]): Shared LOM ports on the rack server are used exclusively for carrying management traffic.A separate cable connected to one of the ports on the Payment Card Industry Express (PCIe) card carries the data traffic.
    SingleConnect (Sideband): Using Network Controller Sideband Interface (NC-SI), the Cisco UCS Virtual Interface Card 1225 (VIC1225) connects one cable that can carry both data and management traffic.
    Direct Connect Mode: Cisco UCS Manager Version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    Vishal Mehta is a customer support engineer for Cisco’s Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching and service provider.
    Manuel Velasco is a customer support engineer for Cisco’s Data Center Server Virtualization TAC team based in San Jose, California.  He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco UCS, Cisco Nexus 1000V, and virtualization.  Manuel holds a master’s degree in electrical engineering from California Polytechnic State University (Cal Poly) and CCNA® and VMware VCP certifications. Remember to use the rating system to let Vishal and Manuel know if you have received an adequate response. 
    Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation in the Data Center, under subcommunity, Unified Computing, shortly after the event. This event lasts through May 23, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Sebastian,
    The different modes of connecting C-Series with UCSM come into play depending on the type of infrastructure you already have along with C-Series and NIC model.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (CIMC) .
    Powerful features provided by Cisco UCS Manager can be leveraged to manage C-Series server by integrating  C-Series Rack-Mount Server with UCSM.
    This not only gives you rich-feature set but also one management plane to operate UCS-B Series Chassis and UCS-C Series Rack Server.
    You will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager CLI.
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management.
    The following are the connectivity modes:
    •  Dual-wire Management (Shared LOM):
    Shared LAN on Motherboard (LOM) ports on the rack server are used exclusively for carrying management traffic. A separate cable connected to one of the ports on the PCIe card carries the data traffic. Using two separate cables for managing data traffic and management traffic is also referred to as dual-wire management.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0100.html
    This mode is recommended when you have C-Server which does not  have or cannot support VIC 1225 card (such C-200 server)
    •  SingleConnect (Sideband):
    Using Network Controller Sideband Interface (NC-SI), Cisco UCS VIC1225 Virtual Interface Card (VIC) connects one cable that can carry both data traffic and management traffic.
    This feature is referred to as SingleConnect.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_011.html
    This most recommended Integration model when using FEX and VIC 1225 card
    •  Direct Connect Mode:
    Cisco UCS Manager release version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    This mode will eliminate the need for FEX module as Servers are directly plugged into the base ports of Fabric Interconnect
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0110.html
    Please let us know if you need more information. Thank you!
    Thanks,
    Vishal

  • Compliance Management in LMS 3.2

    I'm having a hard time getting Compliance Manager to accept a "banner login" command I'm attempting to use on 6500 IOS switches. I've edited the template, tried cut-&-paste, looked for the archive file on the server to directly modify it (without success), among other things. I have this feature functioning correctly on CatOS switches, but can't seem to get it properly set on IOS switches. What's the limit, as far as the template is concerned, on the number of characters with this type of command? Where are the archive configs located on the server; in the "shadow" directory?
    Thanks,
    Rick

    Not sure what you mean when you say "not accepting", but I had some trouble with compliance templates and checking banners.  My issue was with multi-line commands as mentioned in the last post of this thread: https://supportforums.cisco.com/message/638950#638950
    Once I put the in the template it worked fine.  The thread is discussing LMS 2.6 but was applicable in my 3.2 environment.  Hope that helps.

  • Need to do switches configuration archive using the cisco works LMS 3.2

    Hi folks,
            We have a cisco works LMS 3.2 bundle which contains Resource Manager Essentials 4.3.0 . I am trying to do config archive of all our network switches using RME. I have no idea how to do it . so i came here ...
    Guide me what are the things to be done in both switch side and RME side.

    Hi Mohammed,
    You can do this from here :
    RME > Admin > Config Mgmt > Archive Mgmt
    check the below linlk for more information:
    http://www.cisco.com/en/US/docs/net_mgmt/ciscoworks_resource_manager_essentials/4.3/user/guide/config.html#wp1070778
    Thanks-
    Afroz
    [Do rate the useful post]

Maybe you are looking for

  • My swf will not load or I cant see it ,,Help ?

    I am just trying to load a dreamweaver page and I have some flash in it but the flash is not showing up which is leaving gaping holes in the website.. Can somebody see whats wrong? www.mcdcpoway.com

  • Since OES 11 SP2 computer members of groups are not shown in AD Users and Computers mmc snapin

    I have several groups of computers in my DSfW Domain, They are mainly used to apply different GPOs to different groups. If you look via iManager or C1 at the properties of the groups you see the computers, which are members of the groups on the membe

  • Generic Extractor using Function module with Complex Interface

    Hi, Has anyone created Generic extractor using Function module with Complex Interface? What is the difference between Complex and Simple interface in Function module? Pls explain. Thanks, Gopal

  • Shuffle doesn't mount in itunes

    shuffle starts up i tunes but gives message "i tunes cannot read contents of ipod. use ipod software updater to restore ipod to factory settings". the ipod doesn't show up in itunes and after restoring ipod software i get "error updating or restoring

  • WRT54GS with Speedbooster, what version number???

    Hi all, I was going to upgrade my routers firmware (WRT54GS w/speedbooster), so I check the bottom of the router...find the model number...BUT there is no 'ver' number after it.  What version of firmware do I use? Thank you for any input or ideas, Br