Introduction
This document describes different ways of configuration synchronization from ASA to CSM.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Cisco Security Manager
- Adaptive security device
Components Used
The information in this document is based on these software and hardware versions:
- Cisco Security Manager 4.25
- Adaptive security appliance
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
The Cisco security manager delivers centralized management and monitoring services for Cisco ASA device.
Demonstration Methodology
This document describes two distinct methods or options for synchronizing the configuration from ASA to CSM.
- Single device discovery
- Bulk device rediscovery
Single Device Discovery
Single discovery can only be performed if the device is added to the inventory. It can be performed only when the device has
- Security context configurations for ASA, PIX, and FWSM devices running in multiple context mode.
- Virtual sensor configurations for IPS devices.
- Service module information for Catalyst devices.
Steps to Perform Single Device Discovery:
You can perform the device discovery when you have performed any changes on device CLI or if the device was removed and added back.
To check if any pending changes are yet to be synchronized , obeserve the example mentioned.
Right click on the respective device from the device pane and select the option Detect out of band changes.
If there are no changes , then the page displays as no out of bound changes found for this device.
If there were any changes done , then the lines are highlighted as per the legend.
Steps to Perform Single Device Discovery:
Step 1:
Right click on respective device name from device pane and choose the option Discover policies on Device(s).
Step 2:
For single device recovery method you can only see the Create Discovery Task dialogue box. Incase if you are getting a bulk discovery dialogue box , kindly close and open it again.
You have 3 options to perform the discovery.
- Live Device – It fetchs the configuration from live device , which is in network.
- Configuration File – You can choose the configuration file and proceed with the discovery.
- Factory Default Configuration – It resets the device to the default configurations. This method can be used for devices that only run single-context mode or for with individual security contexts.
Make sure you are aware of the network topology and the changes that can happen in your network before you proceed with the discovery.
Once the discover is completed , you can see the pop screen with the status as Discovery completed.
And from out of band changes also it cannot have any changes.
Bulk Device Discovery
To discover policies for multiple devices, you can conduct bulk rediscovery. It is important to note that bulk rediscovery is limited to live devices , those currently operational and accessible within your network.
You cannot perform the bulk discovery on security context, virtual sensors. Service modules can be discovered it selected separately.
Steps to Perform Bulk Device Discovery:
Step 1:
Navigate to Policy > Discover Policies on device
Step 2:
If you are performing Bulk rediscovery , only the bulk rediscovery dialogue box can appear.
From available devices in the left pane , choose the list of devices for which you want to discover policies and move it to the right side.
Step 3:
Verify if all the selected devices are listed and click on Finish to proceed further with the bulk rediscovery.
Make sure you are aware of the network topology and the changes that can happen in your network before you proceed with the discovery.
Once the discovery is completed you can see the example like
Both the devices are discovered successfully.