Filter
Top Products
9-13
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 9 Troubleshooting Device Communication and Deployment
Troubleshooting Deployment
Related Topics
• Troubleshooting Device Communication Failures, page 9-7
• Managing Device Communication Settings and Certificates, page 9-4
• Managing IPS Certificates, page 43-10
• Understanding Device Communication Requirements, page 2-1
Updating VPNs That Include Routing Processes
Problem: When you define and deploy changes to a routing process that is being used by a VPN
topology (using either the Site-to-Site VPN Manager or the routing policies), the changes that you make
are not reflected in the CLI commands configured on the device.
Solution: When you discover a VPN topology that includes routing processes, such as GRE full mesh,
Security Manager populates the GRE Modes policy in the Site-to-Site VPN Manager, as well as the
relevant routing policies. However, changes made to one of these policies in Security Manager are not
automatically reflected in the other policy, which can lead to unexpected results after deployment.
Therefore, if you make changes to the secured IGP in the Site-to-Site VPN Manager, be sure to go to
Platform > Routing in Device view to make the necessary changes in the device’s routing policies.
Likewise, if you make changes directly to the routing policy, be sure to make the necessary changes in
the Site-to-Site VPN Manager as well.
Related Topics
• Chapter 24, “Managing Site-to-Site VPNs: The Basics”
• Chapter 58, “Managing Routers”
• Chapter 45, “Managing Firewall Devices”
Mixing Deployment Methods with Router and VPN Policies
You might receive unpredictable results when you deploy router platform and VPN policies to a live
device after previously deploying to a configuration file.
This problem can occur when you use a mix of deployment methods (deploy to device and deploy to file)
with router platform policies and VPN policies. Because Security Manager does not manage all the
available CLI commands for these policy types, it maintains a snapshot of the commands it has
configured and leaves all other commands (which includes unsupported commands as well as supported
commands in policies that have not been configured in Security Manager) intact on the device.
After each deployment, Security Manager creates a snapshot of the policies that were deployed to each
device. This snapshot is used during the next deployment to generate the list of configuration changes
that will be deployed to the device. Only one snapshot is maintained at a time per device.
Mixing deployment methods with router platform policies and VPN policies can lead to unpredictable
results, as shown in this example:
1. Configure router platform policy A to a live device. When deployment completes, Security Manager
creates a snapshot for that device with policy A.