3-35
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 3 Managing the Device Inventory
Working with the Device Inventory
Changing Critical Device Properties, page 3-50
Showing Device Containment, page3-53
Cloning a Device, page 3-54
Deleting Devices from the Security Manager Inventory, page 3-55
In addition to these topics, see the following related topics:.
Adding Devices to the Device Inventory, page 3-6
Exporting the Device Inventory, page 10-5
Importing Policies or Devices, page 10-13
Adding, Editing, or Deleting Auto Update Servers or Configuration Engines
If you want to use Security Manager to manage devices that use other servers to manage their
configuration (for example, devices that have dynamic IP addresses supplied by a DHCP server, an
address that might not stay constant between device reboots), you must identify the server in Security
Manager. These are the servers you can use:
Auto Update Server (AUS), which is used for upgrading device configuration files on PIX Firewall
and ASA devices that use the auto update feature.
Cisco Configuration Engine, which is used for upgrading device configuration files on Cisco IOS
routers, ASA devices, and PIX Firewalls that use the configuration engine feature.
Security Manager cannot initiate direct communication with devices that acquire their interface
addresses using DHCP because their IP addresses are not known ahead of time. Furthermore, these
devices might not be running, or they might be behind firewalls and NAT boundaries when the
management system must make changes. These devices connect to an Auto Update Server or
Configuration Engine to get device information.
You can add AUS and Configuration Engine servers to the device inventory when you add devices
manually or when you view device properties. You do not have to be adding or viewing the properties of
a device that uses one of these servers, you just have to get to the appropriate field to access the controls
to add, edit, or delete these servers.
You can also add these servers if you import them from an inventory file exported from CiscoWorks
Common Services Device Credential Repository (DCR) or from another Security Manager server. If you
import the server, you bypass the procedure described in this section. For more information about
importing devices, see Adding Devices from an Inventory File, page 3-29.
Before You Begin
If you want to populate the Security Manager inventory with your list of AUS and Configuration Engine
servers without respect to adding devices, the best approach is to use the New Device wizard and to select
Add New Device as the add method. This approach is described in this procedure.
You can also add or edit servers by selecting a device in the Device selector and clicking Tools > D evi ce
Properties. Click General in the device properties table of contents. The Server field is in either the
Auto Update or Configuration Engine groups. You can add or edit only the type of server identified in
the group name.