Cisco Systems CL-28826-01 Security Camera User Manual


  Open as PDF
of 2616
 
49-8
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 49 Configuring Failover
Basic Failover Configuration
The following steps outline creating a new security context and adding it to failover group 2.
1. Create the new security context.
Be sure to define: context Name, Configuration URL, assign an Interface, choose Failover Group 2,
and provide a Management IP Address. See “Managing Security Contexts” for more information.
2. Save and submit these changes.
3. Provide the following context-configuration information, saving each change as you go:
On the Credentials page of the Device Properties window for the new context, provide
Username and Password. See “Viewing or Changing Device Properties” for additional
information.
On the context’s Interfaces page, edit the assigned interface, providing a Name, IP address and
Subnet Mask. See “Managing Device Interfaces” for additional information.
On the context’s Failover Page (ASA/PIX 7.0+), page 49-17, edit the interface configuration to
provide a Standby IP Address.
On the “HTTP Page”, check Enable HTTP Server and then define HTTP access.
On the Credentials page, provide the Username and Password to be used when contacting the
context. See “Configuring Device Credentials” for additional information.
4. Choose Deploy from the Configuration Manager’s File menu. Submit your changes, and then in the
Deploy Saved Changes dialog box, be sure only this new context is selected, and then click Edit
Deploy method. In the Edit Deploy Method dialog box, change the Method to File and then specify
the Destination and a file name. Click OK to close the Edit Deploy Method dialog box, and then
click Deploy the Deploy Saved Changes dialog box.
The context configuration is saved to the specified file. See “Deploying to a File” for more
information about this step.
5. After uploading the configuration file to the device, use the CLI to enable HTTP access for the
context. For example:
ciscoasa/group2(config-if)# int g3/0
ciscoasa/group2(config-if)# nameif man
ciscoasa/group2(config-if)# security-level 100
ciscoasa/group2(config-if)# ip add 203.0.113.176 255.255.254.0 st 203.0.113.177
ciscoasa/group2(config-if)# exit
ciscoasa/group2(config)# http serv ena
ciscoasa/group2(config)# http 0.0.0.0 0.0.0.0 man
ciscoasa/group2(config)# username cisco pass cisco
ciscoasa/group2(config)#wr
Following this process, any new changes to the context can be successfully deployed to the context with
Security Manager (attempts to reach the context will not go through the Admin context’s management
IP address).
Alternative
Another approach to this issue is to add the new context to failover group 1 first, and then perform the
configuration via Security Manager. However, in order to then move this context to failover group 2, both
groups (1 and 2) must be active on the same device. Otherwise, this error will be reported:
"join-failover-group 2
ERROR: Command requires failover-group 2 and 1 to be in the same state or no nameif
command for all interfaces in this context"