Filter
Top Products
8-44
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 8 Managing Deployment
Working with Deployment and the Configuration Archive
• Managing Device Communication Settings and Certificates, page 9-4
Step 1 Set up the TMS as an FTP server. Security Manager uses FTP to deploy the configuration file to the
TMS, from which it can be downloaded and encrypted onto an eToken. The eToken can then be
connected to the USB port of a router and the configuration downloaded. See the TMS product
documentation for more information.
Step 2 In Security Manager, select Tools > Security Manager Administration > Token Management to
identify the TMS server to Security Manager.
By default, Security Manager uses the Security Manager server as the TMS, but you can specify a
different server. You must enter the hostname or IP address, a username and password for the TMS, the
directory to which configuration files should be copied, and the public key file location in Security
Manager. For more information, see Token Management Page, page 11-52.
Step 3 Specify TMS as the transport protocol to be used for Cisco IOS routers.
You can set this parameter globally for all Cisco IOS routers or for a specific device:
• Globally—Select Tools > Security Manager Administration > Device Communication and select
TMS in Transport Protocol (IOS Routers 12.3 and above).
• Device—Right click the device in the Device selector and select Device Properties. On the General
tab, select TMS as the transport protocol in the Device Communications Group. Because not all
routers support TMS, you might not be able to configure TMS for specific devices.
Step 4 In Security Manager, deploy your configurations using the Deploy to Device deployment method.
Security Manager sends the delta configuration to the TMS server.
Depending on the Workflow mode you are using, follow these procedures:
• Deploying Configurations in Non-Workflow Mode, page 8-29
• Deploying Configurations in Workflow Mode, page 8-35
Step 5 Using the TMS, download the configuration to the eToken. See the TMS product documentation for
more information.
Step 6 Download the configuration from the eToken to the router and save the configuration to the device. Plug
the eToken into the router, then enter the following commands to download the configuration to the
router, where usb_token_id is either usbtoken0 or usbtoken1, depending on which USB port you used.
The default PIN is 1234567890.
router# crypto pki token usb_token_id login PIN
router# config terminal
router(config)# crypto pki token default secondary config CCCD
router(config)# exit
router# write memory
Tip CCCD is the private sector on the eToken where the configuration file resides. When you enter
the crypto pki token default secondary config CCCD command, the CLI on the e-token
merges with the CLI on the router.