Guest

Cisco Security Manager

Supported Devices and Software Versions for Cisco Security Manager 4.5

  • Viewing Options

  • PDF (383.3 KB)
  • Feedback

Table Of Contents

Supported Devices and Software Versions for Cisco Security Manager 4.5

General Device to Feature Support for Security Manager

IPv6 Support Summarized by Device Class and Application

Explicitly Supported Devices for Security Manager

Generically Supported Devices for Security Manager

Supported Software for Security Manager

ASA, FWSM, PIX, and IPS Supported Software Versions

Cisco IOS Software Supported Versions

Basic Cisco IOS Software Support

Basic Cisco IOS XE Software Support

Restrictions for Cisco IOS Software Devices

Software Supported in Downward Compatibility Mode

Supported Devices and Software Versions for Auto Update Server

Supported Devices and Software Versions for Performance Monitor

Product Documentation

Obtaining Documentation and Submitting a Service Request


Supported Devices and Software Versions for Cisco Security Manager 4.5


First Published: November 15, 2013

Cisco Security Manager and its related applications support the devices and operating system versions listed in these sections:

General Device to Feature Support for Security Manager

IPv6 Support Summarized by Device Class and Application

Explicitly Supported Devices for Security Manager

Generically Supported Devices for Security Manager

Supported Software for Security Manager

Software Supported in Downward Compatibility Mode

Supported Devices and Software Versions for Auto Update Server

Supported Devices and Software Versions for Performance Monitor

Product Documentation

General Device to Feature Support for Security Manager

Broadly speaking, Security Manager has these main features: device configuration, event management, report management, health and performance monitor, and image management. Table 1 explains which classes of device are supported for each feature. The exact models and software versions supported in each device class are listed in subsequent sections.

Table 1 Features Supported By Device Class in Security Manager 

Device Class
Device Configuration
Event Management
Report Management
Health and Performance Monitor
Image
Manager

Adaptive Security Appliance (ASA), including service modules

Yes

Yes (ASA 8.0+ only.)

Yes (ASA 8.0+ only.)

Yes

ASA appliances—Yes

Cisco Catalyst 6500 Series ASA Services Modules—Yes

ASA-SM on 7600 Series Routers—Yes

Other ASA service modules—No

Intrusion Prevention System (IPS) appliances and service modules1

Yes1

Yes (IPS 6.1+ only.)

Yes (IPS 6.1+ only.)

Yes

No1

Firewall Services Modules (FWSM)

Yes

Yes (FWSM 3.1.17+, 3.2.17+, 4.0.10+, and 4.1.1+ only)

No

No

No

PIX Firewalls

Yes

No

No

No

No

Cisco IOS routers

Yes

No

No

No

No

Cisco IOS IPS in supported routers

Yes

No

No

No

No

Catalyst switches

Yes

No

No

No

No

1 Signature and sensor image update is already available in Configuration Manager, although it is not available in Image Manager.


IPv6 Support Summarized by Device Class and Application

Security Manager provides some support for IPv6, but only for configuring policies on a device (for example, firewall rules and IPS rules). Support is for traffic through the device; it is not for communication from Security Manager to the device.

Table 2 summarizes IPv6 support by device class in each Security Manager application (for example, Configuration Manager).

If a particular device class has no policies that use IPv6 (for example, Cisco IOS IPS in supported routers), then the table lists "Not applicable." The table also lists "Not applicable" for devices that are not supported at all by a particular application (for example, Image Manager supports only ASAs).

For the specific policies that you can configure, see the Getting Started chapter in the User Guide for Cisco Security Manager.

Table 2 IPv6 Support By Device Class in Each Security Manager Application 

Device Class
Configuration Manager
Event Viewer
Report Manager
Health and Performance Monitor
Image Manager

Adaptive Security Appliance (ASA), including service modules

(Single or multiple security context configurations.)

Yes

(ASA 7.0+ in router mode; 8.2+ transparent mode.)

Yes

(ASA 8.0+ only.)

Yes

(ASA 8.0+ only.)

Yes

No

Intrusion Prevention System (IPS) appliances and service modules

Yes

Yes (IPS 6.1+ only.)

Yes (IPS 6.1+ only.)

Yes

Not applicable

Firewall Services Modules (FWSM)

(Single or multiple security context configurations.)

Yes

(FWSM 3.1+ router mode; not supported in transparent mode.)

Yes

(FWSM 3.1.17+, 3.2.17+, 4.0.10+, and 4.1.1+ only.)

No

No

Not applicable

PIX Firewalls

Not applicable

Not applicable

Not applicable

Not applicable

Not applicable

Cisco IOS routers

Not applicable

Not applicable

Not applicable

Not applicable

Not applicable

Cisco IOS IPS on supported routers

No applicable

No applicable

No applicable

No applicable

Not applicable

Catalyst switches

No applicable

No applicable

No applicable

No applicable

Not applicable


Explicitly Supported Devices for Security Manager

The following table lists the devices you can manage in Cisco Security Manager. These specific models are explicitly supported, that is, Security Manager is aware of the features available on the device and recognizes the device module.


Tip If a device model is not listed in this table, you might still be able to manage it as a generic device type. For more information, see Generically Supported Devices for Security Manager.


Table 3 Cisco Security Manager Supported Devices 

Series
Supported Device Models
Adaptive Security Appliances and Firewalls

Cisco ASA-5500 Series Adaptive Security Appliance

5505

5510

5520

5540

5550

5580-20, -40

5585-X with SSP-10, SSP-20, SSP-40, SSP-60

Cisco ASA-5500 Series Adaptive Security Appliance

[support for ASA version 8.6.1]

5512-X

5515-X

5525-X

5545-X

5555-X

Cisco Catalyst 6500 Series ASA Services Module

ASA-SM on 7600 Series Routers

Note You must select Cisco Catalyst 6500 Series ASA Services Module as the device type to manage the ASA Services Module on a 7600 Series Router.

Cisco Catalyst 6500 Series Firewall Services Module (FWSM)1

Cisco PIX 500 Series Firewalls

501

506

506E

515

515E

520

525

535

IPS Sensors

Cisco IPS 4200 Series Sensors

4210

4215

4235

4240

4250 SX

4250 XL

4255

4260

4270

Cisco IPS 4300 Series Sensors

[IPS Version 7.1(4) onwards]

4345

4360

Cisco IPS 4500 Series Sensors

[IPS version 7.1(6) onwards]

4510

4520

Cisco ASA 5500 Series IPS Security Services Processor

[IPS Version 7.1(4) onwards]

5512-X

5515-X

5525-X

5545-X

5555-X

Cisco ASA 5585 Series IPS Security Services Processor

[IPS Version 7.1(1) onwards]

IPS SSP-10

IPS SSP-20

IPS SSP-40

IPS SSP-60

Cisco ASA 5500 Series Advanced Inspection and Prevention (AIP) Security Services Module

10 (AIP-SSM-10)

20 (AIP-SSM-20)

40 (AIP-SSM-40)

Cisco ASA Advanced Inspection and Prevention Security Services Card (SSC)

5 (SSC-5)

Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Services Module1

Cisco IDS Network Module (NM-CIDS)

Cisco Intrusion Prevention System Advanced Integration Module (AIM) for Cisco1841, 2800, and 3800 Series Integrated Services Routers

Cisco Intrusion Prevention System Network Module Enhanced (NME)

Routers running the IOS IPS feature

85x, 86x, 87x, 88x, 89x

18xx

19xx

26xx

28xx

29xx

37xx

38xx

39xx

72xx

7301

Routers, Switches

Cisco SOHO 70 Series Router

71

76 ADSL

77 ADSL

77 H ADSL

78 G.SHDSL

Cisco SOHO 90 Series Secure Broadband Routers

91

96

97

Cisco 800 Series Routers

801

803

805

811

813

828

831

836

837

851

857

861, 861W

866

867

871

876

877

878

881, 881SRST, 881SRSTW, 881W

886, 886SRST, 886SRSTW, 886W

887, 887SRST, 887SRSTW, 887Vdsl2, 887W

888, 888SRST, 888SRSTW, 888W

891

892

Cisco IAD880 Series Integrated Access Devices

IAD 881(B, F), IAD 881W

IAD 886(B, F), IAD 886W

IAD 887(B, F), IAD 887W

IAD 888(B, F), IAD 888W

Cisco ASR 1000 Series Aggregation Services Routers

Support includes all Ethernet (all speeds), Serial, ATM, and Packet over Sonet (POS) shared port adapters (SPA), but not services SPAs.

Note Support is limited to the following Cisco IOS XE Software consolidated packages: Advanced IP Services, Advanced Enterprise Services. The IP Base packages are not supported.

1002 Fixed Router

1002

1004

1006

Cisco 1600 Series Routers

1601

1602

1603

1604

1605

Cisco 1700 Series Modular Access Routers

1701

1710

1711

1712

1720

1721

1750

1751

1760

Cisco 1800 Series Routers

1801

1802

1803

1805

1811

1812

1841

1861

Cisco 1900 Series Integrated Services Routers

1905

1921

1941

1941W

Cisco 2600 Series Multiservice Platforms

2610, 2610XM

2611, 2611XM

2612

2613

2620, 2620XM

2621, 2621XM

2650, 2650XM

2651, 2651XM

2691

Cisco 2800 Series Integrated Services Routers

2801

2811

2821

2851

Cisco 2900 Series Integrated Services Routers

2901

2911

2921

2951

Cisco 3200 Series Mobile Access Routers

3251

3270

Cisco 3600 Series Multiservice Platforms

3620

3631

3640

3660

3661

3662

Cisco 3700 Series Multiservice Access Routers

3725

3745

Cisco 3800 Series Integrated Services Routers

3825

3825 NOVPN

3845

3845 NOVPN

Cisco 3900 Series Integrated Services Routers

3925

3925E

3945

3945E

Cisco 7100 Series VPN Routers

7120

7140

7160

Cisco 7200 Series Routers

7201

7202

7204

7204VXR

7206

7206VXR

VPN Services Adapter (VSA)

Cisco 7300 Series Routers

7301

7304

Cisco 7500 Series Routers

7505

7506

7507

7513

7576

Cisco 7600 Series Routers

7603

7604

7606

7606-S

7609

7609S

7613

Cisco Catalyst 3550 Series Switches

3550 12G

3550 12T

3550 24 DC SMI

3550 24 FX SMI

3550 24 PWR

3550 24

3550 48

Cisco Catalyst 3560 Series Switches

3560-24PS

3560-24TS

3560-48PS

3560-48TS

3560-8PC

3560G-24PS

3560G-24TS

3560G-48PS

3560G-48TS

Cisco Catalyst 3560-E Series Switches

3560E-12D-S

3560E-12SD-E

3560E-24PD-E

3560E-24TD-E

3560E-48PD-E

3560E-48TD-E

Cisco Catalyst 3750 Metro Series Switches

3750 Metro 24-DC

Cisco Catalyst 3750 Series Switches

3750 Stack

3750-24FS

3750-24PS

3750-24TS

3750-48PS

3750G-12S

3750G-12S-SD

3750G-16TD

3750G-24

3750G-24PS

3750G-24T

3750G-24TS-1U

3750G-24WS

3750G-48

3750G-48PS

3750G-48TS

Cisco Catalyst 3750-E Series Switches

3750E-24PD-E

3750E-24TD-E

3750E-48PD-E

3750E-48TD-E

Cisco Catalyst 4500 Series Switches

4503

4503-E

4506

4506-E

4507R

4507R-E

4510R

4510R-E

Cisco Catalyst 4900 Series Switches

4900M

4948

4948E

4948-10 GE

Cisco Catalyst 6500 Series Switches

Note The virtual switching system (VSS) mode is not supported.

6503, 6503-E

6504-E

6506, 6506-E

6509, 6509-E

6509-NEB

6509-NEB-A

6509-V-E

6513

Cisco 7600/Catalyst 6500 IPSec VPN Services Module (VPNSM)1

Cisco 7600 Series/Catalyst 6500 Series IPSec VPN Shared Port Adapter (VPN SPA)1

Cisco Catalyst 6500 Series VPN Services Port Adapter (VSPA)1

1 Cisco Security Manager Professional Edition is required to manage this services module.


Generically Supported Devices for Security Manager

Security Manager can manage some device models even if the model does not appear in the supported device list. This type of generic device support relies on the fact that device features are controlled more by the software running on the device than the device model.

If you have a device that does not appear in the explicitly supported device list, you can try to manage it as a generic device using the device modules listed in the following table.

Tips

This type of generic support works best for new models of series that are already explicitly supported. For example, a new model in the ASR 1000 series, or in the ISR 88x or 89x series. Generic support does not work with carrier-class routers (the CRS) or for Catalyst switches.

Because this support is generic, Security Manager cannot determine if a particular feature is not available on the specific model you are managing. You are responsible for determining if a feature that you are allowed to configure in Security Manager is not supported on the device. If you configure an unsupported feature, you will see errors when you deploy the configuration to the device.

If the device contains an explicitly supported module, such as an AIM-IPS module, the module is also supported. However, the module's model must be explicitly supported: there is no generic module support.

If a particular ASR is not listed as being explicitly supported in Table 3, but a previous version is, that particular ASR is supported generically in Security Manager with "Generic Router Backward Compatibility Support."

Table 4 Cisco Security Manager Generically Supported Devices 

Generic Device Type
When To Use

Cisco Generic Aggregation Services Router

For devices running Cisco IOS XE Software.

Cisco Generic Integration Services Router

For devices running Cisco IOS Software.


The following table lists the device models that have been tested for generic support:

Table 5 Device Models Tested for Generic Support 

Series
Tested Device Models

Cisco 800 Series Routers

812-G, 812-S, 812-V, 812-B, 812-CT, 812+R7

819-G, 819-S, 819-V, 819-B, 819-CT, 819+R7

866VA, 866VAE

867VA, 867VAE

881G, 881G+7

886G, 886VA, 886VA-W, 886VAG+7

887G, 887M, 887MVA-W, 887VA, 887VA-M, 887VA-W, 887VAG-S, 887VAG+7, 887VAMG+7

888E, 888G, 888EG+7

891W

892W

893FG

Cisco ASR 1000 Series Aggregation Services Routers

1001

Cisco 4400 Series Integrated Services Routers

4451, 4452

Cisco 5940 Series Embedded Services Router

5940


Supported Software for Security Manager

Security Manager supports the software on the devices that it manages as described in the following sections:

ASA, FWSM, PIX, and IPS Supported Software Versions

Cisco IOS Software Supported Versions

ASA, FWSM, PIX, and IPS Supported Software Versions

The following list describes the minimum supported software versions plus the specific release numbers that have additional support in Security Manager for devices that run operating systems other than Cisco IOS Software. You must use a software version that meets at least the minimum. If you use a version that is not listed, Security Manager will treat it as one of these versions (the most closely-matching version, which is typically the release number nearest to it but lower). Any features that are unique to the version you are using are not supported in Security Manager.


Tip The primary device support that is new in version 4.5 of Security Manager is support for ASA 8.4(6), 9.1(2), and 9.1(3) and support for IPS 7.1(8) and 7.2(1).


Cisco ASA-5500 Series Adaptive Security Appliances (ASA)—ASA Software Release 7.0(1-2, 4-8), 7.1(1-2), 7.2(1-5), 8.0(2-3, 5), 8.1(1-2), 8.2(1-3), 8.3(1-2), 8.4(1-6), 8.5(1), 8.6(1), 9.0(1), 9.1(1-3).

The following exceptions apply to ASA software support:

If you upgrade a device that you are already managing in Security Manager to 8.3(1) or higher, you must rediscover the device from the inventory. This is required due to significant policy changes between the 8.3 release and lower releases. This requirement applies to all device models, including upgrades of a 5585-X from 8.2(3) to 8.4(4).

This type of inconsistency is not restricted to 8.3(1) alone; it can happen in more than one scenario where ASA is upgraded from the following OS versions:

—7.x to 8.x

—8.3 and above from any lower version

—8.3.x to 8.4.2 and above

For detailed information on these scenarios, refer to the section titled "Validating a Proposed Image Update on a Device" in the User Guide for Cisco Security Manager 4.5 at the following URL:

http://www.cisco.com/en/US/products/ps6498/products_user_guide_list.html

Although 8.2(4) is supported in downward compatibility mode as 8.2(3), Security Manager does support ASA 5585-X models with SSP-10 and SSP-40 running 8.2(4).

You cannot use Security Manager to manage SSL VPNs on ASA 7.x.

You cannot use Security Manager to manage an ASA 8.3+ device if you enable password encryption using the password encryption aes command. You must turn off password encryption before you can add the device to the Security Manager inventory.

Release 8.5(1) applies to the Catalyst 6500 Series ASA Services Module (ASA-SM) only. The ASA-SM does not support any type of VPN configuration for this version. However, starting from the 9.0(1) version, ASA-SM supports VPN configurations.

Release 8.6(1) applies to Cisco ASA 5500-X based Adaptive Security Appliance models only (except 5585-X Adaptive Security Appliance).

Cisco Catalyst 6500 Series Firewall Services Module (FWSM)—FWSM Software Release 2.2(1), 2.3(1-4), 3.1(1, 3-9), 3.2(1-4), 4.0(1), and 4.1(1).

Cisco PIX 500 Series Firewalls—PIX Firewall Software Release 6.3(1-5), 7.0(1-2, 4-8), 7.1(1-2), 7.2(1-4), and 8.0(2-4).

IPS sensors and modules—IPS Software 5.1, 6.0, 6.1, 6.2, 7.0, 7.1 [7.1(1), 7.1(2), 7.1(3), 7.1(4), 7.1(8)], and IPS 7.2(1)with these restrictions:

IPS signature updates are supported only on IPS Software 5.1(5)E1 and later.

Release 7.1 is supported on the following platforms:

1. Cisco ASA 5585 Series IPS Security Services Processor

2. IPS 4300 series sensors

3. IPS 4500 series sensors

4. IPS 4270

5. Cisco ASA 5500 Series IPS Security Services Processor

6. Six existing hardware platforms are supported in Release 7.1(6):

IPS 4240

IPS 4255

IPS 4260

ASA 5500 AIP SSM-10

ASA 5500 AIP SSM-20

ASA 5500 AIP SSM-40

Cisco IOS Software Supported Versions

The following sections explain the basic versions supported for Cisco IOS Software and the limitations and restrictions that apply to managing Cisco IOS Software devices:

Basic Cisco IOS Software Support

Basic Cisco IOS XE Software Support

Restrictions for Cisco IOS Software Devices

Basic Cisco IOS Software Support

The following list describes the minimum supported Cisco IOS Software versions plus the specific release numbers that have additional support in Security Manager for standard routers. You must use a software version that meets at least the minimum. If you use a version that is not listed, Security Manager will treat it as one of these versions (the most closely-matching version, which is typically the release number nearest to it but lower). Any features that are unique to the version you are using are not supported in Security Manager. Note that the device model might limit the versions you are allowed to install; this is not controlled by Security Manager.

15.3T—Versions include 15.3(1)T, 15.3(2)T, and 15.3(2)S.

15.2T—Versions include 15.2(1)T1 and 15.2(2)T.


Note Security Manager supports 15.2(1)T1 on 88x, 89x, 19xx, 29xx, and 39xx routers only. ScanSafe is the only supported new feature in this version.


15.1T—Versions include 15.1(1)T.

15.0—Versions include 15.0(1)M.

12.4T—Versions include 12.4(2)T, 12.4(4)T, 12.4(6)T, 12.4(9)T, 12.4(11)T, 12.4(11)T1, 12.4(11)T2, 12.4(15)T, 12.4(20)T, 12.4(22)T, 12.4(24)T.

12.4—Versions include 12.4(1), 12.4(1a), 12.4(3).

12.3(2)T—Versions include 12.3(2)T, 12.3(2)T1-9, 12.3(4)T, 12.3(4)T1-11, 12.3(7)T, 12.3(7)T1-7, 12.3(8)T, 12.3(8)T1-7, 12.3(11)T, 12.3(11)T1-3, 12.3(13)T, 12.3(14)T, 12.3(14)T2.

12.3—Versions include:

12.3(1), including 12.3(1a)B.

12.3(2), including the XA3, XB3, XC2, XE2, and XF versions.

12.3(3), including the B and B1 versions.

12.3(4), including the XD4, XG3, XK2, and XQ1 versions.

12.3(5), including the 12.3(5a)B, 12.3(5a)B0a, and 12.3(5a)B1-4 versions.

12.3(6).

12.3(7), including the XI6, XR, XR2, XR4, XJ2, and XS2 versions.

12.3(8), including the XU4, XW3, XX1, YA1, YD1, YG2, YH, YI, and YI1 versions.

12.3(9), including the 12.3(9a)BC, BC1, and BC2 versions.

12.3(10).

12.3(11), including the XL1, YK1, and YS versions.

12.3(12).

12.3(13).

12.2—Versions include:

12.2(8)T and ZB8.

12.2(11)YU, YX, YX1, YZ, and YZ2.

12.2(13)T, T12, ZD2, and ZE.

12.2(14)S, SU, SU2, SX, SY, and SZ.

12.2(15)BX, JK, and ZJ.

12.2(17b)SXA.

12.2(17d)SXB.

12.2(18)SE, SW, SXD, SXE, and SXF.

12.2(20)EW, EWA, EX, and S8.

12.2(23)SW1.

12.2(25)EY, EZ, FX, FY, JA, SEA, SEB, SEC, SED, SEE, and SG.

12.2(27)SBC

12.1—Versions include 12.1(4)E3 and 12.1(5)T9.

Basic Cisco IOS XE Software Support

The Cisco ASR 1000 Series Aggregation Services Routers use Cisco IOS XE Software, which uses a different numbering scheme from standard Cisco IOS Software. However, these release numbers are mapped to standard IOS release numbers in Security Manager. The following are the supported Cisco IOS XE Software releases and the Cisco IOS software equivalent releases used in Security Manager:

2.1.x—Called 12.2(33)XNA.

2.2.x—Called 12.2(33)XNB.

2.3.x—Called 12.2(33)XNC. Security Manager treats this release as equivalent to 2.2 (12.2(33)XNB) except for the addition of GET VPN support.

2.4.x—Called 12.2(33)XND. No features that are new in this release are supported. This is the lowest release supported on the ASR 1002 Fixed Router.

2.5.x—Called 12.2(33)XNE. Security Manager treats this release as equivalent to 2.4 (12.2(22)XND) except for the addition of DMVPN phase 3 support (for direct spoke-to-spoke communications).

2.6.x—Called 12.2(33)XNF. No features that are new in this release are supported.

3.1.x—Called 15.0(1)S. No features that are new in this release are supported.

3.5.x—Called 15.2(1)S. No features that are new in this release are supported.

3.8.x—Called 15.3(1)S. No features that are new in this release are supported.

3.9.x—Called 15.3(2)S. No features that are new in this release are supported.


Tip Although the 2.x ASR releases are mapped to IOS 12.2 releases, you must select IOS 12.3+ as the operating system type when adding the device to the Security Manager inventory.


Restrictions for Cisco IOS Software Devices

Cisco routers and switches have these software restrictions:

For routers running Release 12.1 and 12.2, there is limited support for Layer 3 access rules, interfaces, and FlexConfigs, but not for any other features.

The software release you can use on a device is always limited to those releases that the hardware supports. For example, the 1900, 2900, and 3900 series ISRs require 15.0(1)M as a minimum release.

The Cisco ASR 1000 Series Aggregation Services Routers require Cisco IOS XE Software. For more detailed information, see Basic Cisco IOS XE Software Support.

For the Catalyst 6500/7600, you can use Cisco IOS Software Release 12.1, 12.2 and these versions at the specified point release and later: 12.1(13)E, 12.1(17B)SXA, 12.1(19)E, 12.1(20)E, 12.1(22)E, 12.1(23)E, 12.1(26)E, 12.2(14)SX, 12.2(14)SY, 12.2(17a)SX, 12.2(17d)SXB, 12.2(18)SXD, 12.2(18)SXE, 12.2(18)SXE1, 12.2(18)SXE2, 12.2(18)SXE4, 12.2(18)SXF2, 12.2(18)SXF4, 12.2(33)SRA, 12.2(33)SRB, 12.2(33)SXH, and 12.2(33)SXI.


Note You cannot use the Catalyst Operating System on a device managed by Security Manager.


For the Catalyst 3500/4500, you can use Cisco IOS Software Release 12.1 and 12.2 and the following versions at the specified point release and later. Note that specific devices support a subset of the listed versions:

12.2(37)SE, SG

12.2(31)SGA

12.2(25)EWA, FZ, EZ, EY, SE, EW, SEA, SEB, SEC, SED, SEE, SEG

12.2(20)EU

12.1(26)E

12.1(20)EW, EU, E

12.1(19)EA1, EA1d

12.1(14)AX

12.1(11)AX

To configure and manage VPNs on Catalyst 6500/7600 devices, the earliest software release is Cisco IOS Software Release 12.2(17b)SXA.

To configure and manage IDSM settings on Catalyst 6500/7600 devices, the earliest software release is Cisco IOS Software Release 12.2(18)SXF4.

For routers running an IPS-enabled version of Cisco IOS Software, the earliest supported Cisco IOS Software release is 12.4(11)T2. In addition, to perform signature updates on routers running Cisco IOS Software release 15.0, you need a a separate ios-ips-update license, which you must manually apply to the device.

The IPS subsystem has a separate numbering scheme, which you can view in the device properties in Security Manager. The 3.x subsystems are equivalent to IPS 5.x. The subsystems are:

3.000.001, supported in 12.4(11)T to 12.4(11)T4.

3.001.001, supported in 12.4(15)T to 12.4(15)T2.

3.001.002, supported in 12.4(15)T3 to 12.4(24)T.

3.002.001, supported in 15.0(1)M+.

Software Supported in Downward Compatibility Mode

Security Manager directly supports many individual point releases for the various operating systems you can use with the supported devices. When Security Manager supports a specific point release, it means that you can configure some features new to that release using the product.

Some point releases are supported in "downward compatibility mode." In this mode, you can use the product to configure devices running that point release, but you cannot configure features that are new in the release unless you use FlexConfigs. Thus, the point release is treated as being the same as the nearest point release to it, and Security Manager maps the release number to that supported release.

The following table lists the releases that are specifically supported in Security Manager, and the point releases that are supported as downward equivalents to the release. The table might not include information about every downward compatible release. In general, if a version is not listed here or in Supported Software for Security Manager, Security Manager will treat it as one of the supported versions (the most closely-matching version, which is typically the release number nearest to it but lower).

Table 6 Software Releases Supported in Downward Compatibility Mode 

Releases Supported in Downward Compatibility Mode
Supported As These Releases
ASA Software Releases

8.2(5), 8.2(4.4), 8.2(4.1), 8.2(4), 8.2(3.9)

8.2(3)

8.0(4)

8.0(3)

PIX Software Releases
 
7.2(5)

7.2(4)

FWSM Software Releases

4.1(2-6)

4.1(1)

4.0(2-15)

4.0(1)

3.2(5-21)

3.2(4)

3.1(10-20)

3.1(9)

3.1(2)

3.1(1)

Cisco IOS Software Releases

15.1(3)T

15.1(1)T

12.4(22)T1, 12.4(22)YB, 12.4(22)YB1

12.4(22)T

12.4(20)T1-3

12.4(20)T

12.4(15)T1, 3-9

12.4(15)T

12.4(15)XZ

12.4(20)T

Cisco IOS XE Software Releases for Cisco ASR 1000 Series Aggregation Services Routers

2.1(x) releases: 12.2(33)XNA1,2

12.2(33)XNA

2.2(x) releases: 12.2(33)XNB1-3

12.2(33)XNB

2.3(x), 2.3.xt releases: 12.2(33)XNC1-2, XNC0t, XNC1t

12.2(33)XNC

2.4(x) releases: 12.2(33)XND1-4

12.2(33)XND

2.5(x) releases: 12.2(33)XNE1-2

12.2(33)XNE

2.6(x) releases: 12.2(33)XNF1-2

12.2(33)XNF

3.1(x) releases: 3.1(1-4)S (in running configs, 15.0(1)S1-4)

15.0(1)S

3.2(x) releases: 3.2(0-2)S (in running configs, 15.1(1)S-S2)

15.0(1)S

3.3(x) releases: 3.3(0-1)S (in running configs, 15.1(2)S-S1)

15.0(1)S

3.4(x) releases: 3.4(0)S

15.0(1)S

3.6(x) releases

15.2(1)S

3.7(x) releases

15.2(1)S

3.10(x) releases

15.3(2)S

Cisco IOS Software Releases for Catalyst switches and 7600 series routers

12.2(33)SXI1

12.2(33)SXI


Supported Devices and Software Versions for Auto Update Server

You can use the Auto Update Server application with any Cisco ASA-5500 Series Adaptive Security Appliance, Catalyst 6500 Series ASA Services Module, or Cisco PIX 500 Series Firewall and the ASA or PIX software versions supported by Security Manager.


Note You cannot use devices configured in multiple-context mode with Auto Update Server.


Supported Devices and Software Versions for Performance Monitor

Beginning with Version 4.3, Cisco Security Manager no longer includes the companion application Performance Monitor.

Product Documentation

For the complete list of documents supporting this release, see the release-specific document roadmap:

Guide to User Documentation for Cisco Security Manager

http://www.cisco.com/en/US/products/ps6498/products_documentation_roadmaps_list.html

Lists document set that supports the Security Manager release and summarizes contents of each document.

For general product information, see:

http://www.cisco.com/go/csmanager

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.


This document is to be used in conjunction with the documents listed in the "Product Documentation" section.