2-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 2 Preparing Devices for Management
Setting Up AUS or Configuration Engine
Setting Up AUS on PIX Firewall and ASA Devices
You can configure PIX firewalls and ASA devices to use the AUS protocol to contact an Auto Update
Server or CNS Configuration Engine for configuration and image updates. When using Configuration
Engine, the device uses the same AUS protocol used for Auto Update Server, so the configuration is the
same. For an end-to-end explanation of how AUS/CE deployment works, see Deploying Configurations
Using an Auto Update Server or CNS Configuration Engine, page8-42.
You need to initially configure AUS settings on the device so that the device knows that it must contact
the AUS/CE server for configuration updates. After the initial deployment, you can change these settings
using the Platform > Device Admin > Server Access > AUS policy.
This procedure describes the tasks to complete before you use AUS or CNS as the transport protocol for
device management on PIX firewall and ASA devices.
Step 1 Enter configuration mode.
router# config terminal
Step 2 Connect to the AUS. Specify a username and its password that can log into Security Manager. The port
number is typically 443.
hostname(config)# auto-update server https:// username:password@AUSserver_IP_address:port
/autoupdate/AutoUpdateServlet
Step 3 Specify the polling period for AUS.
hostname(config)# auto-update poll-period poll_period [retry_count ] [retry_period ]
Where:
poll_period—The polling period interval between two updates. Default is 720 minutes (12 hours).
retry_count—(Optional) The number of times to retry if the server connection attempt fails. Default
is 0.
retry_period—(Optional) The number of minutes between retries. Default is 5.
Step 4 Configure the device to use the specified unique device ID to identify itself.
hostname(config)# auto-update device-id [ hardware-serial | hostname |
ipaddress [if_name ] | mac-address [if_name ] | string text ]
Where:
if_name—The device interface name (the default is inside).
text—A unique string name.
Step 5 Save the configuration changes.
hostname# write memory