User Guide for Resource Manager Essentials 3.4 (With LMS 2.1/RWAN 1.2) - Managing PIX Devices through Proxy Server (Auto Update Server) [CiscoWorks Resource Manager Essentials]

Table Of Contents

Managing PIX Devices through Proxy Server (Auto Update Server)

Importing Information from Proxy Server

What You Need—Prerequisites

How To Do It—Procedures

Importing Proxy Server

Distributing Images

Where You Should End Up—Verification

Managing PIX Devices through Proxy Server (Auto Update Server)

Your network has deployed thousands of PIX Firewall Series devices to the homes of all the employees of your company. Each employee may access the internet through a different ISP, some behind a firewall, and hence not directly manageable by the Essentials Server.

As a network administrator, you need to manage these un-addressable devices. You can accomplish this task by indirectly managing the PIX devices through a supported proxy server like Auto Update Server.

(See to the online help for specific procedures on importing, modifying and deleting.)

Importing Information from Proxy Server

This will allow devices behind firewalls or Network Address Translation (NAT) boundaries to upgrade software images or configuration files, and pass on device status and information to the Essentials server. This option is specifically aimed at providing a solution to the problem of upgrading edge devices and to avoid the inherent complications in handling software image upgrades in the core of the network.

The primary goal of the Proxy Server (Auto Update Server) is to manage devices that obtain their address through dynamic addressing. With dynamic addressing, a network management server does not know the device addresses. See Figure 11-1 for details of how

The problem of not knowing the addresses necessitates having these devices contact the Essentials server instead of the server contacting them. The devices may also not be directly addressable:

1. The device contacts the Proxy Server (Auto Update server), providing its current state and device information.

2. The Proxy Server responds with a list of image files that the device should currently be running.

3. The device compares the file versions provided by the Proxy server with the ones running. If they differ, download the new versions from URLs provided.

4. If any of the files on the device have changed, the device restarts the Auto Update process to update the information about the device in the Auto Update server—this is called audit trail. (This time it would quickly figure out no updates are needed). This helps the Proxy Server (Auto Update server) maintain an audit trail to immediately know when an update has occurred successfully. The next time you may hear from a device could be a week later; if the polling frequency is a week.

Note The current version of Essentials supports only one Proxy Server

Figure 11-1 Importing Information from Proxy Server

What You Need—Prerequisites

In this scenario, you will use these applications:

•Software Management

•Inventory

For a complete description of all the required tasks, refer to the online help.

How To Do It—Procedures

The purpose of this scenario is to show you how you can use specific applications to perform the following tasks:

•Importing Proxy Server

•Distributing Images

This will help you understand how to use the applications to perform similar tasks in your network.

Importing Proxy Server

To import the proxy server, do the following:

Step 1 Select Resource Manager Essentials > Administration > Inventory > Proxy Management.

The Import from Proxy Server dialog box appears.

Step 2 Enter the host name of the proxy server in the Host Name field.

Step 3 Enter the port number of the proxy server in the Port Number field.

Step 4 Enter the user name to be used to log into the proxy server in the User Name field.

Step 5 Enter the password in the Password field, and confirm the password in the Verify field.

Step 6 Click Import.

Distributing Images

To distribute images to the devices, do the following:

Step 1 Select Resource Manager Essentials > Software Management > Distribution > Distribute Images.

Step 2 Navigate though the options to add devices, select and verify devices to upgrade.

See the online help for detailed procedures.

Where You Should End Up—Verification

To verify if the devices are imported from the proxy server:

Step 1 Select Resource Manager Essentials > Administration > Inventory > Import Status. Do one of the following:

•Click on any of the statuses to view the devices in that state.

•If you had selected Check Device Attributes, the number of device attribute errors is also shown. Click this field to view details.

Step 2 Click Update to refresh the display during the operation. You can continue to update the display until the pending count goes to 0.

To verify the list of managed devices imported from the proxy server:

Step 1 Select Resource Manager Essentials > Administration > Inventory > List Devices.

Step 2 Click Update to refresh the display during the operation.

	User Guide for Resource Manager Essentials 3.4 (With LMS 2.1/RWAN 1.2)
	Managing PIX Devices through Proxy Server (Auto Update Server)
User Guide for Resource Manager Essentials 3.4 (With LMS 2.1/RWAN 1.2) Preface Overview Resource Manager Essentials Applications VPN Security Management Solution Network Address Translation Support Monitoring Your Devices Upgrading Your Device Software Performing Maintenance on Your Essentials Server Making a Device Configuration Change Using a Template Configuring Multiple Devices Importing Device Data to Inventory Managing PIX Devices through Proxy Server (Auto Update Server) Checking Device Configuration Changes and Who Made Them Creating a Syslog Custom Report Maintaining Your Inventory Information Troubleshooting Essentials File Import Format Essentials Command Reference	Download this chapter Managing PIX Devices through Proxy Server (Auto Update Server) Table Of Contents Managing PIX Devices through Proxy Server (Auto Update Server) Importing Information from Proxy Server What You Need—Prerequisites How To Do It—Procedures Importing Proxy Server Distributing Images Where You Should End Up—Verification Managing PIX Devices through Proxy Server (Auto Update Server) Your network has deployed thousands of PIX Firewall Series devices to the homes of all the employees of your company. Each employee may access the internet through a different ISP, some behind a firewall, and hence not directly manageable by the Essentials Server. As a network administrator, you need to manage these un-addressable devices. You can accomplish this task by indirectly managing the PIX devices through a supported proxy server like Auto Update Server. (See to the online help for specific procedures on importing, modifying and deleting.) Importing Information from Proxy Server This will allow devices behind firewalls or Network Address Translation (NAT) boundaries to upgrade software images or configuration files, and pass on device status and information to the Essentials server. This option is specifically aimed at providing a solution to the problem of upgrading edge devices and to avoid the inherent complications in handling software image upgrades in the core of the network. The primary goal of the Proxy Server (Auto Update Server) is to manage devices that obtain their address through dynamic addressing. With dynamic addressing, a network management server does not know the device addresses. See Figure 11-1 for details of how The problem of not knowing the addresses necessitates having these devices contact the Essentials server instead of the server contacting them. The devices may also not be directly addressable: 1. The device contacts the Proxy Server (Auto Update server), providing its current state and device information. 2. The Proxy Server responds with a list of image files that the device should currently be running. 3. The device compares the file versions provided by the Proxy server with the ones running. If they differ, download the new versions from URLs provided. 4. If any of the files on the device have changed, the device restarts the Auto Update process to update the information about the device in the Auto Update server—this is called audit trail. (This time it would quickly figure out no updates are needed). This helps the Proxy Server (Auto Update server) maintain an audit trail to immediately know when an update has occurred successfully. The next time you may hear from a device could be a week later; if the polling frequency is a week. Note The current version of Essentials supports only one Proxy Server Figure 11-1 Importing Information from Proxy Server What You Need—Prerequisites In this scenario, you will use these applications: •Software Management •Inventory For a complete description of all the required tasks, refer to the online help. How To Do It—Procedures The purpose of this scenario is to show you how you can use specific applications to perform the following tasks: •Importing Proxy Server •Distributing Images This will help you understand how to use the applications to perform similar tasks in your network. Importing Proxy Server To import the proxy server, do the following: Step 1 Select Resource Manager Essentials > Administration > Inventory > Proxy Management. The Import from Proxy Server dialog box appears. Step 2 Enter the host name of the proxy server in the Host Name field. Step 3 Enter the port number of the proxy server in the Port Number field. Step 4 Enter the user name to be used to log into the proxy server in the User Name field. Step 5 Enter the password in the Password field, and confirm the password in the Verify field. Step 6 Click Import. Distributing Images To distribute images to the devices, do the following: Step 1 Select Resource Manager Essentials > Software Management > Distribution > Distribute Images. Step 2 Navigate though the options to add devices, select and verify devices to upgrade. See the online help for detailed procedures. Where You Should End Up—Verification To verify if the devices are imported from the proxy server: Step 1 Select Resource Manager Essentials > Administration > Inventory > Import Status. Do one of the following: •Click on any of the statuses to view the devices in that state. •If you had selected Check Device Attributes, the number of device attribute errors is also shown. Click this field to view details. Step 2 Click Update to refresh the display during the operation. You can continue to update the display until the pending count goes to 0. To verify the list of managed devices imported from the proxy server: Step 1 Select Resource Manager Essentials > Administration > Inventory > List Devices. Step 2 Click Update to refresh the display during the operation.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.