2-7
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 2 Preparing Devices for Management

Preventing Non-SSH Connections (Optional)

After configuring SSH, you can configure the Cisco IOS routers, Catalyst switches, and Catalyst
6500/7600 devices to use SSH connections only.

Related Topics
Critical Line-Ending Conventions for SSH, page 2-5
Testing Authentication, page 2-5
Setting Up SSH on Cisco IOS Routers, Catalyst Switches, and Catalyst 6500/7600 devices, page 2-6

Step 1 Enter configuration mode.
router# config terminal
Step 2 Set up the router for Telnet access, specifying the first and last line numbers that can be used (numbers
range from 0 to 1180, and the last number must be greater than the first number).
hostname(config)# line vty first_line last_line
Step 3 Prevent non-SSH connections, such as Telnet.
hostname(config-line)# transport input ssh
Step 4 Exit configuration mode.
hostname(config-line)# end
Step 5 Save the configuration changes.
hostname# write memory
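
To confirm the result of the procedure above, the following added example (not part of the Cisco guide and not Cisco code) parses a saved running-config and reports every `line vty` range that is not set to exactly `transport input ssh`. The sample configuration is constructed, and reporting a range that has no explicit `transport input` line is an assumption of this example, which accepts only the setting applied in Step 3.

```python
import re

# Constructed running-config excerpt (sample input, not from a real device).
SAMPLE_CONFIG = """\
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
line vty 16 20
 login local
!
end
"""

VTY_RE = re.compile(r"^line vty (\d+)(?: (\d+))?\s*$")

def _check(block, findings):
    """Record a finding unless the block has exactly 'transport input ssh'."""
    if block is None:
        return
    first, last, protos = block
    if protos is None:
        # Assumption of this example: a missing explicit setting is a finding.
        findings.append((first, last, "no explicit transport input"))
    elif protos != ["ssh"]:
        findings.append((first, last, "transport input " + " ".join(protos)))

def audit_vty_transport(config_text):
    """Return (first_line, last_line, finding) for each vty range not SSH-only."""
    findings, block = [], None
    for raw in config_text.splitlines():
        m = VTY_RE.match(raw)
        if m:                                   # a new vty range starts
            _check(block, findings)
            first = int(m.group(1))
            block = [first, int(m.group(2) or first), None]
        elif block is not None and raw.startswith(" "):
            words = raw.split()                 # indented sub-command of the range
            if words[:2] == ["transport", "input"]:
                block[2] = words[2:]
        else:                                   # any unindented line ends the range
            _check(block, findings)
            block = None
    _check(block, findings)
    return findings

if __name__ == "__main__":
    for first, last, why in audit_vty_transport(SAMPLE_CONFIG):
        print(f"line vty {first} {last}: {why}")
```

An empty result means every vty range in the file carries `transport input ssh`; any reported range should be revisited with Steps 2 and 3.
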
Setting Up AUS or Configuration Engine
With many devices, you can use an intermediate transport server to stage configuration updates to the
device. These transport servers can also allow you to manage devices that use dynamically assigned IP
addresses (using a DHCP server) instead of static IP addresses. When you deploy configurations using a
transport server, Security Manager deploys the configuration to the server, and the device retrieves the
configuration from the server. You can use Auto Update Server, running the AUS protocol, or Cisco
Configuration Engine, running the CNS protocol.
The following topics describe how to set up AUS or CNS on the devices:
Setting Up AUS on PIX Firewall and ASA Devices, page 2-8
Setting Up CNS on Cisco IOS Routers in Event-Bus Mode, page 2-9
Setting Up CNS on Cisco IOS Routers in Call-Home Mode, page 2-10