Retrofitting Cisco Security Manager onto an existing network


We're evaluating CSM at the moment, and I have a quick question.

Our network (about 100 devices) employs various technologies such as plain-IPSec VPNs, DMVPNs, OSPF, etc.

When I add a live device into CSM, _none_ of these are picked up. CSM picks up other things like interface and ACL configuration, but none of the things listed above.

How can I get my VPN and routing setups into CSM? Do I have to somehow define them in CSM and then apply changes to all my devices?

Many thanks,


clausonna Tue, 04/10/2007 - 06:47

The current version of CSM (3.0) doesn't support importing existing VPN configs. I believe CSM 3.1 is supposed to address this, but I haven't seen/heard anything more than that.

CSM 3.1 is supposed to be coming out 'real soon'. Continue your eval of 3.0 but upgrade to 3.1 as soon as it's released.

clausonna Tue, 04/10/2007 - 07:09

No, I don't think you're missing anything. CSM 3.0 focused on the ASAs, and support for routers was focused on security-related functionality. It doesn't even pull in router Hostname or syslog logging configs!

CSM does have the concept of 'FlexConfigs' to allow you to create/deploy configlets that are specific to your environment. CSM 3.0 was "all or nothing" though. Once you import a device and modify its config via CSM you can't go into the CLI and make any changes - they'll get overwritten (and/or CSM will complain about them) during the next CSM config push.

3.1 should fix a lot of these issues (or at least that's what I keep telling myself :-)

clausonna Mon, 04/23/2007 - 10:36

CSM 3.1 has been released. The download is big (700Mb+) and the install/upgrade took about an hour. I haven't had a chance to really dig into it, but so far so good. They've integrated IPS management and added a bunch of new features (including discovery of pre-existing VPN configs.) It looks like it was worth the wait.

Have fun with your eval!

- Neil

