CSM - Site-to-site monitoring with unmanaged device

Jan 9th, 2009

Hello All,

Is it possible to monitor some site-to-site VPNs that include unmanaged devices? I tried to discover a few site-to-site VPNs using the wizard, but it always fails, saying that CSM can only discover site-to-site VPNs on managed devices.

Maybe I missed something in the manual...

Is anybody able to monitor a site-to-site VPN including a 3rd party firewall with CSM?



Jason Gervia (Cisco Employee) Tue, 01/13/2009 - 08:27


You can't discover a VPN on CSM with a 3rd party device. You can *configure* one, however, which is what I would do.

Arrange a disruptive change window, and then configure the VPN from scratch in CSM with an unmanaged device, and that should allow you to change the Cisco side of the VPN in CSM after that.

deephazz02 Tue, 01/13/2009 - 08:40


Thanks for your reply.

It's a shame CSM can't discover VPNs with 3rd party devices.


Yeah, you can't discover a site-to-site VPN to an unmanaged device. You can manually create one in CSM, however, using the following process:

1) Discover managed device.

2) Discover unmanaged device (using Add New Device wizard, and unselect "Manage in Cisco Security Manager")

3) Add an interface to the unmanaged device with correct peer IP address. This seems to be required; otherwise, when you submit changes, an error occurs.

4) Create Site to Site VPN.

5) Submit and deploy.

Note that when deploying, CSM still wants to deploy to the unmanaged device (which is silly as the device is not managed by CSM).

I logged a call with Cisco and had a round table with their CSM developers on the issues above, and also discovery of VPNs to unmanaged devices. They gave me some constructive feedback that they are working on all of the issues; however, they don't expect a solution to be released for some time.


