CSM - Site-to-site monitoring with unmanaged device
Is it possible to monitor some site-to-site VPNs that include unmanaged devices? I tried to discover a few site-to-site VPNs using the wizard, but it always fails, saying that CSM can only discover site-to-site VPNs on managed devices.
Maybe I missed something in the manual...
Is anybody able to monitor a site-to-site VPN that includes a third-party firewall with CSM?
Re: CSM - Site-to-site monitoring with unmanaged device
Yeah, you can't discover a site-to-site VPN to an unmanaged device. You can, however, manually create one in CSM using the following process:
1) Discover managed device.
2) Discover the unmanaged device (using the Add New Device wizard, and unselect "Manage in Cisco Security Manager").
3) Add an interface to the unmanaged device with the correct peer IP address. This seems to be required; otherwise, when you submit changes, an error occurs.
4) Create the site-to-site VPN.
5) Submit and deploy.
Note that when deploying, CSM still wants to deploy to the unmanaged device (which is silly as the device is not managed by CSM).
I logged a call with Cisco and had a round table with their CSM developers on the issues above, and also on discovery of VPNs to unmanaged devices. They gave me some constructive feedback that they are working on all of the issues; however, they don't expect a solution to be released for some time.