Support User Manuals

Cisco Systems CL-28826-01 Security Camera User Manual

Open as PDF

of 2616

60-82

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter 60 Router Device Administration

Secure Device Provisioning on Cisco IOS Routers

• Defining Secure Device Provisioning Policies, page 60-83

Contents of Bootstrap Configuration

The bootstrap configuration provided by SDP typically does the following:

• Sets the petitioner’s hostname.

• Synchronizes the petitioner’s system clock with the registrar.

• Sets the petitioner’s trustpoint.

• Sets the petitioner’s authentication and authorization mechanism.

• Pushes the CA certificate.

• Enrolls the petitioner with the PKI server.

• Sets other VPN configurations, such as the configuration required to establish a management tunnel.

• Sets Cisco Networking Services (CNS) configuration.

• Sets the petitioner’s DHCP pool.

Related Topics

• Secure Device Provisioning Workflow, page 60-82

• Secure Device Provisioning on Cisco IOS Routers, page 60-81

Secure Device Provisioning Workflow

The following illustrates the steps required to use SDP to register a remote-site device in a secure

network:

1. Unpack the router and connect the power, LAN, and WAN cables.

2. Turn on a computer (introducer) that is assigned an IP address from the DHCP server on the router,

open a web browser, and go to the petitioner URL (http://device/ezsdd/welcome) on the router. The

router responds with a registration page (also called the local login dialog box).

3. Enter the username and password, then click OK. On the welcome page, enter the URL for the

registrar. The following actions occur:

a. The browser opens an HTTPS-secured session to the central-site registrar, which verifies the

username with the AAA server and returns the appropriate bootstrap configuration to the

browser.

b. The browser feeds the bootstrap configuration to the remote-site router, configuring PKI

trustpoint enrollment and IPsec VPN connectivity, and provisioning system attributes and other

information.

c. You are notified that bootstrap configuration is complete.

Related Topics

–

Contents of Bootstrap Configuration, page 60-82

–

Secure Device Provisioning on Cisco IOS Routers, page 60-81

previous next