Will there be enhancements to VPN and firewall configuration capabilities in CCA?

Answered Question
Oct 24th, 2009

Will future versions of CCA have the capability to set up site-to-site VPNs on UC520s, UC540s, and SR520s without having to use the Multisite Manager or CLI? Non-SBCS Cisco products that have VPN capabilities have a Cisco GUI capable of configuring site-to-site VPNs. The UC520, UC540, and SR520 are the only Cisco products (apart from products that have already reached end of life status) that do not have this capability in some kind of Cisco GUI (apart from the Multisite Manager in CCA 2.1 and later).

Will future versions of CCA enable you to edit the firewall rules on UC520s, UC540s, and SR520s without having to resort to CLI?

Almost all of the Cisco products, except for the UC520, UC540, and SR520 series products, have a Cisco GUI capable of configuring these features. On the SA520 and SA540, these features can be configured in the web GUI. On the Cisco ISRs, these features can be configured through SDM or CCP. CCA has always had the capability to secure the UC520 unit, but it lacked the ability to fine-tune firewall and security settings, unlike the SA500 web GUI, SDM, or CCP.

Reasons why having the capabilities in CCA is important:

  • These features are mentioned on the data sheets of the UC520, UC540, and SR520
  • Having the ability to fine-tune and verify the access control lists in CCA can accomplish the following:
    • Ability to comply with PCI, HIPAA, Sarbanes-Oxley, etc.
    • Improved troubleshooting
    • Eliminates the need to use CLI to fine-tune or verify the correctness of firewall settings
  • Site-to-site VPNs can currently be configured through CLI or the CCA Multisite Manager
  • CCA Multisite Manager can only be used for VPNs between UC500 units, or SR520s placed in front of UC500 units
  • CCA Multisite Manager cannot be used for VPNs between standalone SR520 units, or between a UC500 unit and a non-UC500 endpoint (except for an SR520 placed in front of a UC500 unit)
  • All of the IOS images supported on UC520 units, UC540 units, and SR520 routers have the firewall and VPN capabilities described here
Correct Answer
Saurabh Verma Mon, 10/26/2009 - 07:47

Hi John,

CCA is a configuration tool for platforms that are part of the SBCS solutions. Multisite manager is the approach that we are taking to set up site-to-site VPNs. Enhancements in firewall customization and access-lists are something that we've planned on putting on the roadmap. We will continue to enhance CCA to meet these requirements. We'll schedule to get these features added in calendar 2010.

Thanks,

Saurabh