Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
856
Views
0
Helpful
6
Replies

CSM - Device update capabilities

jacques_henry
Level 1
Level 1

‎07-01-2010 01:49 AM - edited ‎02-21-2020 04:00 AM

Hello,

Most of my question is already answered but I have to be sure about the capability of the CSM (and the Auto Update Server) about the update of my "Security Devices" (ASA 5500, AIP-SSM, IPS 4200).

(I am talking about the CSM 3.3.1 and 4.0)

With the CSM can I remotely on a large infrastructure update:

- the ASA software : I think yes. What about 2 ASA in active/passive mode?

- the AIP-SSM software?

- the AIP-SSM recovery partition?

- the IPS 4200 software?

- the IPS 4200 recovery partition?

- the IPS signature update file: yes

If one this updates cannot be done by the CSM, it means that I have to do it device by device?

If my CSM server is offline, can I manually download the IPS sig updates and put them on the CSM?

During the software update on these devices, is the configuration saved ?

Thanks in advance!

0 Helpful
6 Replies 6

Panos Kampanakis
Cisco Employee
Cisco Employee

‎07-07-2010 10:44 AM

AUS can do updates and config pushes to your devices that support it like the ASA.

If you want a more complete config archive and config  manangement and software image management you should also look into RME http://www.cisco.com/en/US/products/sw/cscowork/ps2073/index.html that works with CiscoWorks and CSM.

I hope it helps.

PK

0 Helpful

jacques_henry696
Level 1
Level 1
In response to Panos Kampanakis

‎07-08-2010 12:10 AM

Thanks for the answer!

Ok, but can AUS also take care of the IPS 4260 and AIP-SSM?

Is RME fully integrated into the CSM or is it an external application?

Thanks

0 Helpful

Scott Fringer
Cisco Employee
Cisco Employee
In response to jacques_henry696

‎07-08-2010 07:22 AM

CSM will directly handle auto-updating of IPS sensors; AUS is not used.  You simply need to configure the IPS updates in the Security Adminsiration; within the CSM client:

Tools>Security Manager Adminsitration...

Choose "IPS Updates"

Configure the Auto Update Settings in the left-hand pane as required for your environment.

RME is no longer a required component of CSM and is a separate application.

Scott

0 Helpful

Panos Kampanakis
Cisco Employee
Cisco Employee
In response to Scott Fringer

‎07-08-2010 07:26 AM

To add to Scott's comments:

AUS is EOS http://www.ciscosystems.cg/en/US/products/hw/vpndevc/prod_category_end_of_life.html so you don't want to go towards it.

RME is a product that integrates with CSM , is running in the same server and manages config, archives and images of devices.

I hope it helps.

PK

0 Helpful

jacques_henry696
Level 1
Level 1
In response to Panos Kampanakis

‎07-08-2010 09:13 AM

All right, so to sum up, I can do all the tasks in my first post (the 6 points) with the CSM (without RME), yes?

Thanks!

0 Helpful

Scott Fringer
Cisco Employee
Cisco Employee
In response to jacques_henry696

‎07-08-2010 10:02 AM

Yes, you should be able to accommodate ASA and IPS software management without the need to install RME; AUS for ASA image management and CSM for IPS software management.

Scott

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card