Hi, I have deployed ASA 5505 into Five locations and all are connected via STS Tunnel.
Now I want to know what is a next step for a Network Admin so that everything could work fine. Which of the softwares would you recommand for logs, monitoring or etc so that I could manage all entire things perfectly and troubleshhot the issues while it requires. Thanks
Cisco Works suite will do the trick.
It works as SNMP server, syslog, configuration backup, alerts and so on.
As for the management, since there are only 5 ASAs you can use the individual ASDMs. Buying a Firewall MC Software (also part of Cisco Works) doesn;t make sense, since is quite expensive.
The lite version of Cisco Works:
Please rate if this helped.
Hi, Can I get all features in Cisco ACS? Basically I am looking a softwares through which I could see bandthwidth usage per Tunnel wise and support Nelflow as well. A software which has all feature whether it is too expensive.
Is this something you have first-hand
experience with or just something you just
read from a Cisco brochure?
If Ciscowork is so good, then why does Cisco
also tout Cisco Security Manager as well?
In upcoming months, we will be deploying FW on 10 new sites and all will be connected va Tunnel. Which of the software would you recommand?
I can not recommend you any management software because:
1- I do not have much experience with Ciscowork managing ASA devices.
My previous experience with Ciscowork had not been a pleasant one.
2- I used Cisco Security Manager 2.5 years ago and the product
was/is a horrible. As a matter of fact, I decided to give it
another try a couple weeks ago. After installing CSM 3.2 on
my Windows 2003 Enterprise Server with Service Pack 2, I tried
to install Performance Monitoring on top of CSM 3.2 and it
refuses to install. Not a good product, IMHO.
3- Solsoft Policy Server is a somewhat better than Cisco CSM.
That being said, it is mainly used for Security policy
repository. It lacks a lot of features in Cisco CSM. But
in terms of policy management, it is definitely better than
CSM for sure.
I've been using Checkpoint Provider-1 for years so I have
a very high set of bar for management software product. Cisco
CSM and Solsoft are error-prone and sluggish (due to java-based).
By the way, if someone has successfully installed Performance
Monitor module on top of Cisco CSM, please let me know as well.
I have used both Solsoft and CSM. In my opinion if CSM is set up correctly, utilizing shared policies, object overrides, etc. It is much more useful and easier to manage a large number of devices or a small number of devices with a large number of rules or policies than Solsoft.
Talk with someone that has completed a successful deployment of CSM and then try it, I believe you should be able to demo it.
As far as, performance monitor goes, I have successfully installed it on the same box as CSM, but it was on a CSM 3.1.1 box. I don't believe I had to do any tricks to make it happen, I just followed the installation steps documented here on CCO.
"As far as, performance monitor goes, I have successfully installed it on the same box as CSM, but it was on a CSM 3.1.1 box"
Fair point. I have Windows 2003 Enterprise
Server with Service Pack 2 and Java version
1.6 running on it. There are no other
applications running on this server.
Hardware is an IBM x3650 with 10GB RAM and
dual "quad-core" Processors 3.16GHz.
I installed CSM 3.1.1 on this. Installation
went through fine. Reboot the box after
I then installed Performance Montior. That
installation went fine too. Reboot the box
I then installed CSM 3.1.1 Service Pack 3.
That installation went fine. Reboot the box
I then logged into the CSM box from a Dell
Desktop Optiplex Gx620, 4GB RAM and 3.2 GHz
CPU. URL link is http://CSM-IP:1741
I then installed CSM client n the dell
desktop. connect again the CSM client. Then
I download the CSM client service pack 3.
Installed the CSM client after that.
Now I can log into the CSM with the CSM
client. The jump start page showed up.
I closed the jump start page. Now on my
screen, it tells me "connect to DCR" and
it hangs after that. I also tried from
different machines as well but same result.
When I tried URL http://csm-ip:1741, I tried
to go to Performance Monitor tab, it opens
another Browser and hang after that.
anyone know why?