07-01-2010 01:49 AM - edited 02-21-2020 04:00 AM
Hello,
Most of my question is already answered but I have to be sure about the capability of the CSM (and the Auto Update Server) about the update of my "Security Devices" (ASA 5500, AIP-SSM, IPS 4200).
(I am talking about the CSM 3.3.1 and 4.0)
With the CSM can I remotely on a large infrastructure update:
- the ASA software : I think yes. What about 2 ASA in active/passive mode?
- the AIP-SSM software?
- the AIP-SSM recovery partition?
- the IPS 4200 software?
- the IPS 4200 recovery partition?
- the IPS signature update file: yes
If one this updates cannot be done by the CSM, it means that I have to do it device by device?
If my CSM server is offline, can I manually download the IPS sig updates and put them on the CSM?
During the software update on these devices, is the configuration saved ?
Thanks in advance!
07-07-2010 10:44 AM
AUS can do updates and config pushes to your devices that support it like the ASA.
If you want a more complete config archive and config manangement and software image management you should also look into RME http://www.cisco.com/en/US/products/sw/cscowork/ps2073/index.html that works with CiscoWorks and CSM.
I hope it helps.
PK
07-08-2010 12:10 AM
Thanks for the answer!
Ok, but can AUS also take care of the IPS 4260 and AIP-SSM?
Is RME fully integrated into the CSM or is it an external application?
Thanks
07-08-2010 07:22 AM
CSM will directly handle auto-updating of IPS sensors; AUS is not used. You simply need to configure the IPS updates in the Security Adminsiration; within the CSM client:
Tools>Security Manager Adminsitration...
Choose "IPS Updates"
Configure the Auto Update Settings in the left-hand pane as required for your environment.
RME is no longer a required component of CSM and is a separate application.
Scott
07-08-2010 07:26 AM
To add to Scott's comments:
AUS is EOS http://www.ciscosystems.cg/en/US/products/hw/vpndevc/prod_category_end_of_life.html so you don't want to go towards it.
RME is a product that integrates with CSM , is running in the same server and manages config, archives and images of devices.
I hope it helps.
PK
07-08-2010 09:13 AM
All right, so to sum up, I can do all the tasks in my first post (the 6 points) with the CSM (without RME), yes?
Thanks!
07-08-2010 10:02 AM
Yes, you should be able to accommodate ASA and IPS software management without the need to install RME; AUS for ASA image management and CSM for IPS software management.
Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide