cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
297
Views
0
Helpful
1
Replies

How to add new postoffice host in CSPM which have different org through VPN

cjrchoi11
Level 1
Level 1

I have a CSPM with five IDSs and currently all IDSs reporting to CSPM. I want to send all IDSs log to current CSPM and to new server both. the new server(CSPM) are located in different organization and should connect though VPN. how can I add in current CSPM for this new server ?

1 Reply 1

marcabal
Cisco Employee
Cisco Employee

There are two choices for how to send the alarms to the second CSPM server.

CSPMA - original CSPM already receiving events from the sensors

CSPMB - new CSPM not yet receiving events

1) You can setup CSPMA to directly connect to CSPMB and send it a copy of the alarms it is receiving.

On CSPMA configure CSPMB as a postoffice destination machine

On CSPMB configure CSPMA as a postoffice source machine

Refer to the following link for instructions to configure CSPMB as if it were a third party client (I haven't done it myself and you will need to read through the instructions very thoroughly)

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch04.htm#xtocid2665211

2) Instead of getting CSPMA to send copies of alarms to CSPMB, you can get each sensor to send an additional copy directly to CSPMB.

In CSPMB add in each sensor, but do not select the checkbox to check for sensor existence or download the sensor files. The sensor does not yet know about CSPMB so it won't respond.

Now in CSPMA configure each individual sensor to have CSPMB as an additional destination.

http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch03.htm#xtocid2345617

As for the VPN connection. If your VPN is already setup then as long as the boxes are already routing through the VPN tunnel, then just the above instructions are necessary.

If your VPN isn't setup yet, and you are planning on using the IPSEC that comes on the sensor and CSPM then you will need to follow the CSPM instructions for setting up the IPSEC communication between each sensor and CSPMA and each sensor and CSPMB.