Retrofitting Cisco Security Manager onto an existing network

alec.waters
Level 1

Hi,

We're evaluating CSM at the moment, and I have a quick question.

Our network (about 100 devices) employs various technologies such as plain-IPSec VPNs, DMVPNs, OSPF, etc.

When I add a live device into CSM, _none_ of these are picked up. CSM picks up other things like interface and ACL configuration, but none of the things listed above.

How can I get my VPN and routing setups into CSM? Do I have to somehow define them in CSM and then apply changes to all my devices?

many thanks,

alec

5 Replies

clausonna
Level 3

The current version of CSM (3.0) doesn't support importing existing VPN configs. I believe CSM 3.1 is supposed to address this, but I haven't seen/heard anything more than that.

CSM 3.1 is supposed to be coming out 'real soon'. Continue your eval of 3.0 but upgrade to 3.1 as soon as it's released.

Hi Neil,

OK; thanks for the advice. I'm surprised by the lack of config-import capabilities - it can't even detect static routes. How hard can that be?

Maybe I'm missing something here!

thanks,

alec

No, I don't think you're missing anything. CSM 3.0 focused on the ASAs, and support for routers was focused on security-related functionality. It doesn't even pull in router Hostname or syslog logging configs!

CSM does have the concept of 'FlexConfigs' to allow you to create/deploy configlets that are specific to your environment. CSM 3.0 was "all or nothing" though. Once you import a device and modify its config via CSM you can't go into the CLI and make any changes - they'll get overwritten (and/or CSM will complain about them) during the next CSM config push.

3.1 should fix a lot of these issues (or at least that's what I keep telling myself :-)

Thanks Neil.

I think I'll postpone the evaluation until 3.1 comes out. I have over 100 (working!) devices, and I don't relish the prospect of having to have CSM tweak their configs just so it's aware of stuff the devices are already doing!

Any idea when 3.1 is due?

thanks,

alec

CSM 3.1 has been released. The download is big (700Mb+) and the install/upgrade took about an hour. I haven't had a chance to really dig into it, but so far so good. They've integrated IPS management and added a bunch of new features (including discovery of pre-existing VPN configs.) It looks like it was worth the wait.

Have fun with your eval!

- Neil