Introduction
This document describes an issue faced by a user while implementing PRSM (Cisco Prime Security Manager).
Problem
The user is running a 5515-X in single device mode with software version 9.2.1.2-69. He noticed a couple of anomalies and is not sure whether they are the desired behaviour of the device. When he goes to the configuration overview tab, PRSM shows the mode of the ASA CX as "unknown". Also, the User Guide says "Engineer" should see a "traffic redirection" tab under configuration policies/settings, but the user does not see it.
Prerequisites
- ASA 5515
- IOS v9.2
- ASDM
- ASA-CX
Solution
What is PRSM (Cisco Prime Security Manager)?
Cisco Prime Security Manager gives the admin a centralized, simple, and scalable tool to manage Cisco ASA 5500-X Series Next-Generation Firewalls.
This tool also provides "context-aware" features for granular usage:
- Application Visibility and Control (AVC)
- Web Security Essentials (WSE)
- Intrusion Prevention Systems (IPS)
so that the admin can enable new use cases without compromising security.
Cisco Prime Security Manager helps deliver:
- Excellent visibility for end-to-end network intelligence
- The ability to write and enforce granular security policies
- A consistent management interface for single- and multi-device management
- An efficient way to manage core ASA functions including stateful firewall and Network Address Translation (NAT) together with Next-Generation Firewall Service
Network Visibility:
- Gain a comprehensive understanding of the traffic flows throughout the network. Top-level reports summarize traffic patterns related to users, applications, devices, and other contextual elements. Cisco Prime Security Manager also provides access to granular logs and information about the health and performance of security devices.
Granular Application, User, and Device Control:
- Write and enforce granular policies based on a comprehensive set of contextual elements, including:
  - Applications, micro-applications, and application behavior
  - User and group identity
  - Device and operating system
  - Device location
  - Threat profiles
Solution
If you're running single device mode (on-box PRSM), you cannot manage the ASA configuration as you can with the off-box PRSM. Note this section of the user guide, which states:
User Guide
"Traffic Redirection—(ASA, Multiple Device mode only.) Configure traffic redirection from the ASA to its CX module."
Source Discussion