Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
2-3
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 2 Preparing Devices for Management
Setting Up SSL (HTTPS)
Setting Up SSL (HTTPS)
With many devices, you can use the Secure Socket Layer (SSL) protocol, also known as HTTPS, to
communicate with the device. When you deploy configurations with this protocol, Security Manager
encrypts the configuration file before sending it to the device.
The following topics describe how to set up SSL on the devices:
Setting Up SSL (HTTPS) on PIX Firewall, ASA and FWSM Devices, page 2-3
Setting Up SSL on Cisco IOS Routers, page 2-4
Setting Up SSL (HTTPS) on PIX Firewall, ASA and FWSM Devices
This procedure describes the tasks to complete before you use SSL as the transport protocol for device
management on PIX Firewall, ASA and FWSM devices.
Step 1 Enter configuration mode.
hostname# config terminal
Respond to the prompts appropriately. Here are some tips:
Enter y when the prompt asks if you want to preconfigure using interactive prompts.
Enter the current enable password.
Specify the time zone, year, month, day, and time.
If the device:
Is new—Specify the network interface IP address and network mask that applies to the inside
IP address of the device.
Exists—Verify that the interface IP address and mask are correct.
If the device:
Is new—Specify the hostname and the domain name.
Exists—Verify that the hostname and domain name are correct.
When prompted for the IP address of the host that runs the PIX Device Manager, specify the IP
address of the Security Manager server.
Enter yes when the prompt asks if you want to write the above changes to Flash.
Step 2 If you are configuring an ASA, specify the SSL/TLS protocol version the ASA uses when acting as a
server. Specify “any” or “sslv3” or “tlsv1”; do not use “sslv3-only” or “tlsv1-only” as these will cause
time-out errors in the Health and Performance Monitor application during read operations.
hostname(config)# ssl server-version any
Step 3 Enable the HTTP server.
hostname(config)# http server enable
Step 4 Specify the host or network authorized to initiate an HTTP connection to the device.
hostname(config)# http ip_address [netmask] [if_name]
Where: