CiscoWorks VPN/Security Management Solution

Document ID: 64074

PDF Downloads Change the IP Address and HostName on a VMS Server

Introduction

This document explains how to change the IP address and, if needed, the hostname on a server running CiscoWorks VPN/Security Management Solution (VMS). This document is combined with a zip files containing a script and other utilities that help the execution and the modification of the files that you need to change.

Note: This was not tested with Common Services 2.3.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on these software and hardware versions:

• PIX MC

• AUS

• Router MC

• Monitor Center for Performances

• IDS MC

• Security Monitor

• CSA MC

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Changes Based on the Running Application

Common Services

The files installed with Common Services are not tied to the name or IP address of the server. Extra changes are not required for changing the IP address and hostname on a Windows machine for a server running only Common Services.

PIX MC

The files installed with Common Services are not tied to the name or IP address of the server. Extra changes are not required for changing the IP address and hostname on a Windows machine for a server running only Common Services.

If you want to perform this operation and keep managing the same PIX firewalls, remember to rebootstrap the devices. Update the IP addresses that they have to allow for HTTP connection; this includes adding the new IP address and removing the old address.

You can change the device by adding the PIX configuration:

#http new_ip_address [netmask] [if_name]
#no http old_ip_address [netmask] [if_name]
#write memory

AutoUpdate Server

The files installed with Common Services are not tied to the name or IP address of the server. Extra changes are not required for changing the IP address and hostname on a Windows machine for a server running only Common Services.

If the AUS server has changed the IP address, remember to update the address in the PIX MC. You can update the address using the PIX MC and deploying direct to the device, or via command line. In both cases, if the device has already been deployed to AUS, remember to also redeploy the new configuration to the AUSs server; otherwise, after the first time the device calls home, the old IP address for the server remains in the configuration.

Router MC

The files installed with Common Services are not tied to the name or IP address of the server. Extra changes are not required for changing the IP address and hostname on a Windows machine for a server running only Common Services.

You do not need to update or re-bootstrap the devices.

Monitor Center for Performances

The files installed with Common Services are not tied to the name or IP address of the server. Extra changes are not required for changing the IP address and hostname on a Windows machine for a server running only Common Services.

the devices should be rebootstrapped accordingly for these reasons:

• devices are configured to send messages to the server, or

• devices are configured to allow the server to poll information connecting to the device

IDS MC

After performing the change for Windows (before the server can be functional again), there are few files that need to be changed. Complete these steps to change the files:

1. Stop the daemon manager.

2. Modify the CSCOpx\MDC\etc\ids\xml\SystemConfig.xml file.

3. Change value to the new value (if the change of IP address is needed).

4. Change value to the new value (if the change of hostname is needed). Note, there are two fields with hostname in the file; change only that one that has the IP address, and not the field that contains the “localhost” string.

5. Copy this file to CSCOpx\MDC\Tomcat\vms\ids-config\web-inf\classes\con\Cisco\nm\mdc\ids\common\SystemConfig.xml.

6. Restart the daemon manager

If there are sensors in the system, you need to modify each one.

From the GUI, choose Configuration > Settings > Communications > remote hosts page. Edit the IP address to change the old with the new one.

Security Monitor

After performing the change for Windows (before the server can be functional again), there are few files that need to be changed. Complete these steps to change the files:

1. Stop the daemon manager.

2. Modify the CSCOpx\MDC\etc\ids\xml\SystemConfig.xml file.

3. Change value to the new value (if the change of IP address is needed).

4. Change value to the new value (if the change of hostname is needed).

5. Copy this file to CSCOpx\MDC\Tomcat\vms\ids-monitor\web-inf\classes\con\Cisco\nm\mdc\ids\common\SystemConfig.xml.

6. Change the IP address for the hostname given in input.

7. If needed, change the hostname in the routing table.

8. Restart the daemon manager

From the GUI, choose Configuration > Settings > Communications > remote hosts page. Edit the IP address to change the old with the new one.

CSA MC

For CSA MC, the main problem is the certificate that is used for the communication between the CSA MC and the CSA agent. If you change only the IP address on the server, there is no problem. If you change the name of the server, then you have to regenerate the certificate on the server, and also update the certificate on all the agents. Complete these steps to regenerate the certificate on the server:

To stop the CSA services, issue these commands from a command prompt:

net stop csagent
net stop crmdmgtd

1. Delete these files:

   • In the CSCOpx\CSAMC\cfg directory, delete sslca.crt and sslhost.crt.

   • In the CSCOpx\lib\web\conf directory, delete root.crt, server.key, and server.crt.

   • In the CSCOpx\MDC\Apache\conf\ssl directory, delete chain.cer, root.crt, server.key, and server.cert.

2. Open the CMD window.

3. Enter these commands:

   cd CSCOpx\CSAMC\Bin
   ..\..\bin\perl.exe installcert.pl -forceinstall

   This generates a new certificate in the X:\Program Files\CSCOpx\CSAMC\cfg directory and copies them in the appropriate files in the CMF and core apache.

4. Run the script from the CMD.

   Run:
   net start crmdmgtd
   net start csagent
   To refresh kits, got to CSAMC bin directory and type "webmgr makekits_refresh”
   

   You can see the new location of the files.

After generating the new certificate on the CSAMC server, you need to change the certificate on the agent machines. On each server, you need to edit the sysvars.cf file on each agent machine to reflect the new name of the CSA MC. You also need to download the new certificate that is generated into each agent's CFG directory.

Change the Hostname on Windows 2000

Complete these steps:

1. Right-click My Computer.

2. Choose Properties.

3. Choose the Network Identification tab.

4. Click Properties.

5. Edit the computer name in the text field.

6. Reboot the computer.

Change the IP address on Windows 2000

Complete these steps:

1. Right-click My Network Places.

2. Choose Properties.

3. Right-click the LAN connection on which you want to change the IP address.

4. Choose Properties.

5. Choose IP/TCP protocols.

6. Click Properties.

7. Define your network properties, such as IP address, network mask, and gateway.

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Cisco Support Community - Featured Conversations

Related Information

• CiscoWorks VPN/Security Management Solution Support Resources
• Technical Support - Cisco Systems