We've began to configure VPN tunnels via CSM and discovered several issues.
We have several VPN peers that do not belong to CISCO product line or we don't want (or can't) add them as managed devices to CSM. CISCO docs tell us that "you can add any device as an unmanaged device and you MUST do it when you want to control your VPN with CSM".
1. CSM client doesn't allow to add, say "Checkpoint NGR55" as an unmanaged device, it allows to choose only CISCO devices.
Can I add non-CISCO-type device or I had to add "Cisco PIX-501" keeping in mind that it is "Checkpoint NG R55"?
2. When I decide to change VPN config on 1st peer (CSM-managed device) CSM insists on deploying the changes to the 2nd peer too (unmanaged device). CISCO Docs tell us that CSM that it is feature (not the bug) but why it is attempting to change config on unmanaged device and is it any way to avoid this?
3. Does anybody has any info that CSM in the nearest future will allow to add VPN-config for a stand-alone device, not both vpn-peers? We have hundreds of VPN peers and we plan to migrate from VMS so that is really a vital question for us.