Re: [fw-wiz] Cisco Security Manager clone?





-----Original Message-----
From: David Blahut [mailto:dablahut@xxxxxxxxxx]
Sent: Friday, May 02, 2008 8:55 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] Cisco Security Manager clone?


Mike,

Take a look at Expect: http://en.wikipedia.org/wiki/Expect

I know it can be used to access many devices and make the same config
change over and over. That may help automate your needed changes to
all your sites.


Hmmmh. The best example of the use of expect in this arena is rancid
(http://www.shrubbery.net/rancid/)

But, I think rancid is more oriented towards the tracking of changes
which have been made and the backing up of existing configurations.

Now to include the changing of configs into rancid, that's an idea.
But it would take better skills than mine :-(

bruce


Good Luck,
-d

Mike Davis wrote:

This is my first posting so be gentle ;-)

I have an environment that is all Cisco based firewalls for my edge
protection and site to site VPNs. I have a little over 100 remote
sites running on ASA 5505’s with an AES Tunnel to both the primary
(HQ) and secondary (DR) sites. It is working quite nicely and has
been for years now but the problem I have is this… all my remote site
firewalls are not centrally managed in the sense that I can make one
change in a console and push it globally to all my remote firewalls so
that when a change is required, I have to log into each and every one
(I use SSH) and make the changes.

I know that Cisco Security Manager will allow me to do that but at the
100K price tag I was quoted from Cisco with the blink of an eye… I just
cannot put that into my budget.

Does anyone know of or can recommend any freeware or low-cost-ware
application that will allow me to monitor and make global config
changes without having to SSH to each one? The ability to segregate
into groups and manage based upon groups would certainly be a plus as
well but not a requirement.

Thanks in advance!

*Mike Davis*


------------------------------------------------------------------------

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
