08-07-2002 06:44 AM - edited 02-21-2020 11:59 AM
I have a CSPM with five IDSs, and currently all IDSs report to the CSPM. I want to send all IDS logs to both the current CSPM and a new server. The new server (CSPM) is located in a different organization and should connect through VPN. How can I add this new server in the current CSPM?
08-07-2002 09:10 AM
There are two choices for how to send the alarms to the second CSPM server.
CSPMA - original CSPM already receiving events from the sensors
CSPMB - new CSPM not yet receiving events
1) You can set up CSPMA to directly connect to CSPMB and send it a copy of the alarms it is receiving.
On CSPMA configure CSPMB as a postoffice destination machine
On CSPMB configure CSPMA as a postoffice source machine
Refer to the following link for instructions to configure CSPMB as if it were a third party client (I haven't done it myself and you will need to read through the instructions very thoroughly)
http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch04.htm#xtocid2665211
2) Instead of getting CSPMA to send copies of alarms to CSPMB, you can get each sensor to send an additional copy directly to CSPMB.
In CSPMB add in each sensor, but do not select the checkbox to check for sensor existence or download the sensor files. The sensor does not yet know about CSPMB so it won't respond.
Now in CSPMA configure each individual sensor to have CSPMB as an additional destination.
http://www.cisco.com/univercd/cc/td/doc/product/ismg/policy/ver23i/idsguide/ch03.htm#xtocid2345617
As for the VPN connection: if your VPN is already set up, then as long as the boxes are already routing through the VPN tunnel, just the above instructions are necessary.
If your VPN isn't set up yet, and you are planning on using the IPSEC that comes on the sensor and CSPM, then you will need to follow the CSPM instructions for setting up the IPSEC communication between each sensor and CSPMA and each sensor and CSPMB.