02-19-2008 05:34 AM
I have installed the CiscoWorks Common Services with SP3 and Resource Manager Essentials Incremental Device Support 3.5 and Security Monitor 2.1.
Now i wanted to configure my devices and RME so that I can view them in cisco view. Can anybody help me out how to configure RME for cisco devices.
I have configured my devices for snmp. But still not able to see them in CSM. I have configured my firewall with snmp but when i add them, I didnt get any event and other function.
Kindly tell me how to conifgure the devices and RME for cisco view and Cisco secure monitor for IPS/VPN/FW.
I will be very greatful to all.
02-19-2008 09:22 AM
I can speak about RME and CiscoView, but you might be better off asking your VMS questions on one of the security forums. Assuming your devices have SNMP configured, you can add them to RME under RME > Administration > Inventory > Add Devices.
RME and CiscoView don't automatically share settings, so you could either simply go to Device Manager > CiscoView, and enter your device's IP address to view it, or import the device list from RME. To import the device list, go to Device Manager > Administration > CiscoView Server > CiscoView Device List > Import Device List. Enter your RME access parameters, and click Import. Then go to Edit Per User List, and add all of the newly imported devices to each user that will be using CiscoView. Apply your changes. Then when you launch CiscoView, all those devices will appear under the Select Device pull-down.
02-19-2008 02:51 PM
Thansk for the reply. My all secuirty devices are configured for SNMP already.
TDC-INT-525-01(config)# sh run | in telnet
telnet 172.28.32.50 255.255.255.255 inside
telnet 172.28.92.72 255.255.255.255 edn
telnet timeout 5
TDC-INT-525-01(config)# sh run | in http
access-list outside_acl extended permit tcp any host 41.223.188.39 eq https
http server enable
http 172.28.32.50 255.255.255.255 inside
http 0.0.0.0 0.0.0.0 edn
TDC-INT-525-01(config)# sh run | in ssh
aaa authentication ssh console LOCAL
ssh 172.28.32.50 255.255.255.255 inside
ssh 172.28.37.0 255.255.255.0 edn
ssh 172.28.92.0 255.255.255.0 edn
ssh timeout 5
TDC-INT-525-01(config)# sh run | in snmp
snmp-server host inside 172.28.32.50 community ciscoworks123
no snmp-server location
no snmp-server contact
snmp-server community ciscoworks123
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
IPS Configuration
service notification
trap-destinations 172.28.32.50
trap-community-name ciscoworks123
trap-port 162
exit
enable-notifications true
enable-set-get true
system-location BZV-TDC-4255
system-contact Wasim Hassan
But when I try to add manually in RME, I got the following errors which i have mentioned in the screen shots.
Kindly tell me how to solve the problem.
02-19-2008 03:08 PM
First, the Domain Name is not another name for IP address. This should be the DNS domain name for this device. If you do not have one (i.e. this device's IP address does not resolve to a fully-qualified name), then leave this field blank. I suspect you will get further if you put the IP address of the device in the Device Name field. That is:
Device Name: 172.28.32.5
Domain Name:
User Field 1:
User Field 2:
User Field 3:
User Field 4:
Serial Number: 907410468
Next, do not user Local User and Local Password for PIX devices. Instead, use TACACS User and TACACS Password. Of course, this assumes that you get a username prompt when you telnet to the PIX. If you just get a password prompt, only fill in the telnet password. If you DO get a username prompt, you should leave the telnet password field empty.
A PIX cannot have a read-write community string, so leave this field empty.
As for import, you need to specify the IP address of your CiscoWorks server. That is:
Host Name: 172.28.32.50
Port: 1741
Note: CiscoView does not support the PIX, so you will not be able to view that device in CV.
02-21-2008 07:02 AM
Thanks for the reply,
My dear friend, pix is supported by ciscoview. I have configured it and it is working fine. But IPS is not configurable. I am not even able to see any package for IPS on cisco website. Kindly tell me how to configure it.
See the snapshot for devices that gave me error.
Now I am having problem with Cisco Performance monitor. I am only able to import VPN concentrator into Performance monitor via RME. But not been able to import PIX firewall. Though the same RME entry is working fine for Cisco View.
Kindly tell me how to confiugre PIX firewall and IPS for performance monitor.
Also i am not able to delete the entries of devices from Performance monitor that were unable to import.
02-21-2008 09:30 AM
Yes, sorry. I was thinking of the ASA devices. Your Performance Monitor and VMS questions might be better answered on one of the security forums.
02-21-2008 10:27 AM
My dear even ASA is now supported in cisco View. only IPS is not supported. Rest are all supported.
02-21-2008 10:36 AM
No, there is no ASA device package for CiscoView. There is currently no plan to release an ASA device package for CiscoView since ASDM should be used for that kind of management.
02-21-2008 12:03 PM
Thanks for the update. But I want your help in configuing the Performance monitor for PIX and IPS.
I am only able to configure it for concentrator but not for PIX and IPS. Can you help me out how to configure the PIX and IPS for the Performance monitor. I will be very greatful to you.
Also tell me how to clear the error devices from cisco performance monitor.
My firewall configuration:
TDC-INT-525-01# sh run | in snmp
snmp-server host inside 172.28.32.50 community ciscoworks123
no snmp-server location
no snmp-server contact
snmp-server community ciscoworks123
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps syslog
TDC-INT-525-01# sh run | in domain
domain-name default.domain.invalid
domain-name default.domain.invalid
TDC-INT-525-01#
Kindly also the attachment for the following errors that i m getting in performance monitor. DO let me know how to remove devices from performance monitor
02-21-2008 12:06 PM
As I said, Performance Monitor questions would be better answered on one of the security forums. I have no experience with PM, so I will not be able to offer any clues as to why it is not working.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide