cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
632
Views
0
Helpful
9
Replies

Next Step for Managing Firewall

ray_stone
Level 1
Level 1

Hi, I have deployed ASA 5505 into Five locations and all are connected via STS Tunnel.

Now I want to know what is a next step for a Network Admin so that everything could work fine. Which of the softwares would you recommand for logs, monitoring or etc so that I could manage all entire things perfectly and troubleshhot the issues while it requires. Thanks

9 Replies 9

5220
Level 4
Level 4

Hi,

Cisco Works suite will do the trick.

It works as SNMP server, syslog, configuration backup, alerts and so on.

As for the management, since there are only 5 ASAs you can use the individual ASDMs. Buying a Firewall MC Software (also part of Cisco Works) doesn;t make sense, since is quite expensive.

The lite version of Cisco Works:

http://www.cisco.com/en/US/products/sw/cscowork/ps2408/prod_brochure09186a00801c0a43.html

Please rate if this helped.

Regards,

Daniel

Hi, Can I get all features in Cisco ACS? Basically I am looking a softwares through which I could see bandthwidth usage per Tunnel wise and support Nelflow as well. A software which has all feature whether it is too expensive.

Waiting of your response

Is this something you have first-hand

experience with or just something you just

read from a Cisco brochure?

If Ciscowork is so good, then why does Cisco

also tout Cisco Security Manager as well?

In upcoming months, we will be deploying FW on 10 new sites and all will be connected va Tunnel. Which of the software would you recommand?

I can not recommend you any management software because:

1- I do not have much experience with Ciscowork managing ASA devices.

My previous experience with Ciscowork had not been a pleasant one.

2- I used Cisco Security Manager 2.5 years ago and the product

was/is a horrible. As a matter of fact, I decided to give it

another try a couple weeks ago. After installing CSM 3.2 on

my Windows 2003 Enterprise Server with Service Pack 2, I tried

to install Performance Monitoring on top of CSM 3.2 and it

refuses to install. Not a good product, IMHO.

3- Solsoft Policy Server is a somewhat better than Cisco CSM.

That being said, it is mainly used for Security policy

repository. It lacks a lot of features in Cisco CSM. But

in terms of policy management, it is definitely better than

CSM for sure.

I've been using Checkpoint Provider-1 for years so I have

a very high set of bar for management software product. Cisco

CSM and Solsoft are error-prone and sluggish (due to java-based).

By the way, if someone has successfully installed Performance

Monitor module on top of Cisco CSM, please let me know as well.

Farrukh :- Any suggestion

I have used both Solsoft and CSM. In my opinion if CSM is set up correctly, utilizing shared policies, object overrides, etc. It is much more useful and easier to manage a large number of devices or a small number of devices with a large number of rules or policies than Solsoft.

Talk with someone that has completed a successful deployment of CSM and then try it, I believe you should be able to demo it.

As far as, performance monitor goes, I have successfully installed it on the same box as CSM, but it was on a CSM 3.1.1 box. I don't believe I had to do any tricks to make it happen, I just followed the installation steps documented here on CCO.

"As far as, performance monitor goes, I have successfully installed it on the same box as CSM, but it was on a CSM 3.1.1 box"

Fair point. I have Windows 2003 Enterprise

Server with Service Pack 2 and Java version

1.6 running on it. There are no other

applications running on this server.

Hardware is an IBM x3650 with 10GB RAM and

dual "quad-core" Processors 3.16GHz.

I installed CSM 3.1.1 on this. Installation

went through fine. Reboot the box after

that.

I then installed Performance Montior. That

installation went fine too. Reboot the box

after that.

I then installed CSM 3.1.1 Service Pack 3.

That installation went fine. Reboot the box

after that.

I then logged into the CSM box from a Dell

Desktop Optiplex Gx620, 4GB RAM and 3.2 GHz

CPU. URL link is http://CSM-IP:1741

I then installed CSM client n the dell

desktop. connect again the CSM client. Then

I download the CSM client service pack 3.

Installed the CSM client after that.

Now I can log into the CSM with the CSM

client. The jump start page showed up.

I closed the jump start page. Now on my

screen, it tells me "connect to DCR" and

it hangs after that. I also tried from

different machines as well but same result.

When I tried URL http://csm-ip:1741, I tried

to go to Performance Monitor tab, it opens

another Browser and hang after that.

anyone know why?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: