3-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 3 Managing the Device Inventory
Adding Devices to the Device Inventory
Tips
Generic router support encompasses ISR and ASR hardware models that are not natively supported.
It does not encompass software versions that are not yet supported. In other words, Security
Manager allows you to manage unsupported hardware platforms if those platforms are running a
supported software release. This type of generic support works best for new models of series that
are already explicitly supported. For example, a new model in the ASR 1000 series, or in the ISR
88x or 89x series. Generic support does not work with carrier-class routers (the CRS) or for Catalyst
switches.
Because this support is generic, Security Manager cannot determine if a particular feature is not
available on the specific model you are managing. You are responsible for determining if a feature
that you are allowed to configure in Security Manager is supported on the device. If you configure
an unsupported feature, you will see errors when you deploy the configuration to the device.
If the device contains an explicitly supported module, such as an AIM-IPS module, the module is
also supported. However, the module’s model must be explicitly supported: there is no generic
module support.
Working with Device Clusters
Clustering lets you group multiple ASAs together as a single logical device. A cluster provides all the
convenience of a single device (management, integration into a network) while achieving the increased
throughput and redundancy of multiple devices. Clustering is supported on ASA 5580 and 5585 devices
running 9.0(1) or later.
Security Manager can manage ASA clusters after they have been configured as a cluster using the CLI
bootstrapping as defined in the ASA Configuration Guide (see
http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.ht
ml).
All the members of a cluster are assigned individual IP addresses during the bootstrap process. When
adding a cluster to Security Manager, you do so by discovering the cluster using the main cluster IP
address. The main cluster IP address is a fixed address for the cluster that always belongs to the current
master unit. This is not the master unit’s individual IP Address.
The cluster is represented as a single device in Security Manager. After the cluster has been added to
Security Manager, you can finish configuring the cluster settings such as cluster interfaces and security
policies.
Note Clustering has specific configuration requirements and restrictions. Please refer to the ASA
documentation at
http://www.cisco.com/en/US/products/ps6120/products_installation_and_configuration_guides_list.ht
ml for detailed information about requirements, configuration recommendations, and performance
information.
Table3-1 Cisco Security Manager Generically Supported Devices
Generic Device Type When To Use
Cisco Generic Aggregation Services Router For devices running Cisco IOS XE Software.
Cisco Generic Integration Services Router For devices running Cisco IOS Software.