Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSM - Site-to-site monitoring with unmanaged device

Hello All,

Is it possible to monitor some Site-to-site VPNs that include unmanaged devices? I tried to discover a few site to site VPNs using the wizard but it always fails with saying that CSM can only discover site to site vpn on managed devices.

Maybe I missed something in the manual...

Is anybody able to monitor site to site vpn including 3rd party firewall with CSM?



Cisco Employee

Re: CSM - Site-to-site monitoring with unmanaged device


You can't discover a VPN on CSM with a 3rd party device. You can *configure* one, however, which is what I would do.

Arrange a disruptive change window, and then configure the VPN from scratch in CSM with an unmanaged device, and that should allow you to change the Cisco side of the VPN in CSM after that.

New Member

Re: CSM - Site-to-site monitoring with unmanaged device


Thanks for your reply.

It's shame CSM can't discover vpn with 3rd party devices.


New Member

Re: CSM - Site-to-site monitoring with unmanaged device

Yeah, you can't discover a site to site vpn to an unmanaged device. You can manually create one in CSM however using the following process:

1) Discover managed device.

2) Discover unmanaged device (using Add New Device wizard, and unselect "Manage in Cisco Security Manager")

3) Add an interface to the unmanaged device with correct peer IP address. This seems to be required otherwise when you submit changes an error occurs.

4) Create Site to Site VPN.

5) Submit and deploy.

Note that when deploying, CSM still wants to deploy to the unmanaged device (which is silly as the device is not managed by CSM).

I logged a call with Cisco and had a round table with their CSM developers on the issues above, and also discovery of vpns to unmanaged devices. They gave me some constructive feedback that they are working on all of the issues, however they don't expect a solution to be released for some time.