69-11
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 69 Using External Monitoring, Troubleshooting, and Diagnostic Tools
Launching Cisco Prime Security Manager
When a CX module is detected on an ASA, the management IP address of the module itself is fetched
and the ASA CX section of the Device Properties window is updated; see Device Properties: General
Page, page 3-40. The management IP address is used to cross-launch PRSM. (Cisco Prime Security
Manager, or PRSM, is the application used to configure and manage ASA CX devices, as described in
Launching Cisco Prime Security Manager, page 69-9.)
Note: The URL used by Security Manager to launch PRSM incorporates the management IP address of the CX
module (obtained during device detection), and includes the string /admin/mgmt?rtp. During
cross-launch, this type of request is redirected to the appropriate PRSM central server, if one exists.
Otherwise, the “on-box” version of PRSM is launched. (To directly launch the on-box version of PRSM
yourself, you must type https://<management_IP_address>, where <management_IP_address> is the
management address of the desired CX module, into your browser’s address field.)
Upon completion of the detection process, all ASAs with CX modules installed are indicated in the
various Security Manager displays by presentation or inclusion of the PRSM icon. For example,
the ASA CX icon is used in the Device selector.
Caution: You can also detect the presence of a CX module on an existing ASA by choosing Discover Policies on
Device(s) from the selected-device right-click menu, or by choosing Discover Policies on Device from
the Policy menu. Depending on the number of devices selected and which command you choose, the
Create Discovery Task dialog box, or the Bulk Rediscovery Task dialog box, opens and all
discovery-rediscovery options are available. This means you can potentially overwrite any shared
policies already established on the selected device(s). Be sure to deselect all options except Detect ASA
CX Module, unless you are sure you want to discover-rediscover existing policies. See Discovering
Policies on Devices Already in Security Manager, page 5-15 for more information.
Sharing Device Inventory and Policy Objects with PRSM
You can export the current device inventory, and the current set of policy objects, as defined in Security
Manager, for import into Cisco Prime Security Manager (PRSM).
Exporting the Device Inventory
To share the Security Manager device inventory with PRSM, export the inventory as a comma-separated
values (CSV) file, as described in Exporting the Device Inventory, page 10-5. Be sure to specify “Cisco
Security Manager” as the format type for the export file.
Exporting Networks/Hosts and Services Policy Objects
To export Security Manager policy objects for import into PRSM (specifically Networks/Hosts objects or
Services objects; PRSM does not support Port List objects), you must execute a Perl script on the
Security Manager server host to create a CSV file.
The Perl script is included in the Security Manager server installation, and its use is described in detail
in Importing and Exporting Policy Objects, page 6-21. The basic procedure is as follows:
1. Log in to the computer running the Security Manager server, open a Cmd window, navigate to the
Perl-script location, and then execute the Perl-script command at the command prompt.
Here is an example of the command as used to export Networks/Hosts objects:
    perl PolicyObjectImportExport.pl -u user -p password -o export -t network -f C:\CSM_Net_objects.csv