60-29
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 60 Router Device Administration
HTTP and HTTPS on Cisco IOS Routers
Defining HTTP Policies
When you define an HTTP policy, you can:
• Enable and disable HTTP and SSL functionality on the router.
• Specify the ports used by each protocol.
• Optionally define a standard, numbered ACL that restricts access to the device using these protocols.
In addition, you can define the AAA authentication and authorization methods to perform
on users.
You must use caution when defining an HTTP policy, as your settings may affect communication
between Security Manager (as well as other management applications that use these protocols) and the
device.
Note As a general rule, Cisco IOS routers that have been discovered by Security Manager already have HTTPS
enabled because Security Manager uses SSL as the default protocol for communicating with them. See
Setting Up SSL on Cisco IOS Routers, page 2-4.
Before You Begin
Enable AAA services on the router. See Defining AAA Services, page 60-4.
Related Topics
HTTP and HTTPS on Cisco IOS Routers, page 60-28
Step 1 Do one of the following:
• (Device view) Select Platform > Device Admin > Device Access > HTTP from the Policy selector,
  then click the Setup tab in the work area.
• (Policy view) Select Router Platform > Device Admin > Device Access > HTTP from the Policy
  Type selector. Select an existing policy or create a new one.
The HTTP Setup tab is displayed. See Table 60-13 on page 60-32 for a description of the fields on this
tab.
Step 2 Select the check boxes to enable HTTP and SSL (HTTPS) server functionality on the router.
Note If SSL is disabled (or if the HTTP policy as a whole is unassigned), Security Manager cannot
communicate with the device after deployment unless you change the transport protocol for this
device to SSH. This setting can be found in Device Properties. See Managing Device
Communication Settings and Certificates, page 9-4.
Tip We recommend that you disable HTTP when SSL is enabled. Disabling HTTP is required to ensure
that only secure connections are made to the server.
Step 3 (Optional) Modify the default ports used by HTTP (80) and HTTPS (443).
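The following added example (not part of the Cisco guide) audits a router running-config against the settings covered above: HTTP left on alongside SSL, SSL disabled, and the access ACL. It assumes the settings appear as explicit classic `ip http ...` lines in the configuration text; the sample config is constructed, and treating a missing ACL as a finding is an added hardening assumption, since the guide makes the ACL optional.

```python
import re

# Constructed running-config excerpt (sample data, not from a real device).
SAMPLE_CONFIG = """\
ip http server
ip http port 8080
ip http secure-server
ip http access-class 10
ip http authentication aaa
"""

# Settings the HTTP policy controls, keyed to classic IOS "ip http" commands.
PATTERNS = {
    "http_port": r"ip http port (\d+)",
    "https_port": r"ip http secure-port (\d+)",
    "acl": r"ip http access-class (?:ipv4 )?(\S+)",
    "auth": r"ip http authentication (\S+)",
}

def parse_http_policy(config):
    """Return the HTTP/HTTPS settings found in running-config text."""
    policy = {"http": False, "https": False, "http_port": "80",
              "https_port": "443", "acl": None, "auth": None}
    for line in map(str.strip, config.splitlines()):
        if line == "ip http server":
            policy["http"] = True
        elif line == "ip http secure-server":
            policy["https"] = True
        for key, pattern in PATTERNS.items():
            match = re.fullmatch(pattern, line)
            if match:
                policy[key] = match.group(1)
    return policy

def is_standard_numbered(acl):
    """Standard numbered ACLs use 1-99 or the expanded range 1300-1999."""
    return acl.isdigit() and (1 <= int(acl) <= 99 or 1300 <= int(acl) <= 1999)

def audit(policy):
    """List settings this section warns about, plus ACL checks (assumption)."""
    findings = []
    if policy["http"] and policy["https"]:
        findings.append("HTTP enabled alongside SSL: disable HTTP")
    if not policy["https"]:
        findings.append("SSL disabled: Security Manager needs SSH transport")
    if (policy["http"] or policy["https"]) and policy["acl"] is None:
        findings.append("no ACL restricts HTTP/HTTPS access")
    elif policy["acl"] and not is_standard_numbered(policy["acl"]):
        findings.append("ACL is not a standard numbered ACL")
    return findings
```

Calling `audit(parse_http_policy(SAMPLE_CONFIG))` on the sample reports the HTTP-alongside-SSL condition that the Tip in Step 2 addresses.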