AIP-SSM in cluster

Hello,

We have a fail-over ASA cluster with 2 AIP-SSM IPS modules, one in each ASA. Is there a way to configure the IPS module in cluster mode like the ASA, or to have configuration mirroring between them?

Thank you very much.
Best regards, Antonello.

Accepted Solutions

Scott Fringer
Cisco Employee

Antonello;

  Configuration mirroring between AIP-SSMs is not currently available. You can mimic this process by copying the current-configuration from the active AIP-SSM to an FTP server, editing the configuration to remove the host-specific details (IP address, etc.) and then copying that configuration to the stand-by AIP-SSM.

  Another option would be to invest in Cisco Security Manager (CSM) and create a shared policy that is applied to both AIP-SSMs.

Scott
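
The copy-and-edit approach in the answer above leaves it to the operator to confirm that both modules really carry the same policy afterwards. The following Python check is an added example, not part of the original thread and not Cisco code: it compares two exported configurations while ignoring host-specific lines. The sample exports are constructed, and the `host-ip` and `host-name` key names are assumptions to adjust to your own export.

```python
import difflib

# Assumption: settings treated as host-specific; adjust to your own export.
HOST_SPECIFIC_KEYS = ("host-ip", "host-name")

# Constructed sample exports (not taken from the thread).
ACTIVE = """\
! constructed sample: active module
service host
network-settings
host-ip 192.0.2.11/24,192.0.2.1
host-name ips-active
telnet-option disabled
exit
exit
service signature-definition sig0
signatures 2004 0
status
enabled true
exit
exit
exit
"""
STANDBY = (ACTIVE.replace("192.0.2.11", "192.0.2.12")
                 .replace("ips-active", "ips-standby")
                 .replace("enabled true", "enabled false"))


def strip_host_specific(config_text, keys=HOST_SPECIFIC_KEYS):
    """Drop blank lines, '!' comments and host-specific settings."""
    kept = []
    for line in config_text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if stripped.split()[0] in keys:
            continue
        kept.append(stripped)
    return kept


def config_drift(active_text, standby_text):
    """Return '-'/'+' lines where the shared policy differs."""
    diff = list(difflib.unified_diff(strip_host_specific(active_text),
                                     strip_host_specific(standby_text),
                                     "active", "standby", lineterm="", n=0))
    return [d for d in diff[2:] if d.startswith(("+", "-"))]


if __name__ == "__main__":
    print(config_drift(ACTIVE, STANDBY))
```

An empty list means the two exports differ only in the ignored host-specific lines.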

Scott, you are my best friend :).

We already have a CSM. For me it is a new product, so I didn't think to use it for this issue. I think we are going to explore this possibility.

Thank you again!

Antonello;

  It is certainly a pleasure to be able to provide guidance on ways to accomplish your needs. Don't hesitate to come back with any other questions you may have, and we in the community will work to assist you.

  CSM can be a bit tricky to get started with, but once you understand its potential, it can make configuration (policy) management of multiple/various Cisco security devices much easier to maintain.

Scott

Scott, I need your help again.

Look, I tried to follow your tip about adding IPS in CSM, but I found this problem:

Our CSM is integrated with ACS, but IPS 6.1 doesn't support AAA. When I try to add it, CSM tells me I need to add it in ACS first. I tried to add a dummy entry in ACS, but it doesn't work.

I found this post, but I haven't tried it yet, because I would like to find a less tricky solution.
https://supportforums.cisco.com/message/959153

Do you know a procedure or a link in the documentation where I can find the solution? I was searching for almost all day yesterday but I couldn't find anything.

Thank you again.
Best regards Antonello.

Scott, never mind, I resolved it.

I forgot the first lemma in information technology: be patient.

I forgot CWS can take a long time before it can see an allowed device from ACS. To accelerate the process I just restarted the CSM daemon manager.

If you need them, here are the steps:

1. Add a dummy entry for the IPS in ACS. By dummy entry I mean just add the IPS without any config in the device.

2. (Optional) Add the device in the CSM CiscoWorks backend.

3. Restart the CSM daemon manager.

4. (Optional) If you previously added the IPS in the CSM CiscoWorks backend, remove it.

5. Add the IPS through the CSM client.

6. Enjoy.

Thank you anyway for reading :).

Cheers Antonello.
