Overview
This quick start guide presents the requirements and procedures for installing and configuring select components of the CiscoWorks VPN/Security Management Solution (VMS) 2.1. This guide focuses on three components:
- Management Center for PIX Firewalls (PIX MC)
- Management Center for IDS Sensors (IDS MC)
- Monitoring Center for Security (Security Monitor)
Note: This guide contains quick start installation instructions for evaluating these three components on a lab or small network. For custom installation instructions, see the installation guides available in PDF in the Documentation directory on the product CDs. To read the PDF files, you must have Adobe Acrobat Reader 4.0 installed.
For deployment guidelines in a larger production environment, see the CiscoWorks VPN/Security Management Solution Deployment Guide.
This guide assumes you are working with a simple lab or small network that includes a PIX Firewall and IDS Sensor, and one CiscoWorks2000 Server running the Management Centers, as depicted in Figure 1-1.
Figure 1-1 Simple Lab Network Example

| 1 | Outside network, or untrusted network, from which you are protecting the inside network. |
| 2 | Hub to which the monitoring interface of the IDS Sensor is attached. |
| 3 | Cisco Secure IDS Sensor that monitors the traffic on the outside network. |
| 4 | CiscoWorks2000 Server running the PIX MC, IDS MC, and Security Monitor, which are used to manage and monitor the IDS Sensor and PIX Firewall. |
| 5 | Inside network, or trusted network, that you are protecting from users on the outside network. |
| 6 | PIX Firewall that filters traffic between the inside and outside networks. |
This chapter contains the following sections:
- About the VMS Bundle
- What's New?
- VMS 2.1 Bundle Contents
About the VMS Bundle
CiscoWorks VPN/Security Management Solution (VMS), an integral part of the SAFE Blueprint, combines web-based tools for configuring, monitoring and troubleshooting enterprise Virtual Private Networks (VPNs), firewalls, and network-based and host-based intrusion detection systems (IDS). VMS delivers the industry's first robust and scalable architecture and feature set that addresses the needs of small and large-scale VPN and security deployments.
What's New?
VMS 2.1 includes four new security management and monitoring center modules:
- Management Center for PIX Firewalls (PIX MC)
- Management Center for IDS Sensors (IDS MC)
- Monitoring Center for Security (Security Monitor)
- Management Center for VPN Routers (Router MC)
In addition, the CSPM, Cisco IDS Host Sensor and Console, VPN Monitor, CD One, and Essentials modules include updates.
The following VMS 2.1 features improve scalability and ease-of-use for security management and monitoring center modules:
- A common architecture that provides a consistent user experience, including common user interfaces, workflows, user roles, platforms, installation, and administrator authentication based on a common Cisco Secure ACS server.
- A new scalability feature, Auto Update, that allows numerous PIX Firewalls to be updated easily and quickly. Auto Update enables devices, even those remote devices with dynamic IP addresses, to check periodically with an update server and download the most up-to-date security policies.
- Smart Rules Hierarchy enables administrators to define device groups and to implement policy inheritance, which enables policies to be replicated quickly across multiple devices.
- Command and Control Workflow gives separate groups control over network and security operations and provides distinct audit trails.
- Role-Based Access Control enables organizations to offer different groups unique access rights to different devices and applications.
VMS 2.1 Bundle Contents
VMS 2.1 contains the VPN/Security Management Solution 2.1 Bundle Update, the Quick Start Guide for the VPN/Security Management Solution 2.1, and the following seven sub-boxes:
- Cisco Secure Policy Manager—Contains the Cisco Secure Policy Manager for Firewalls and VPNs 3.1 CD.
- Cisco IDS Host Sensor and Console—Contains the IDS Host Sensor and Console 2.5 CD.
- CiscoWorks Common Services—Contains the Common Services 1.0 CD.
- CiscoWorks Security Management Centers—Contains the Management Center for PIX Firewalls 1.0, Auto Update Server 1.0, Monitoring Center for Security and Management Center for IDS Sensors 1.0, and Management Center for VPN Routers 1.0 CDs.
- CiscoWorks VPN Monitor—Contains the VPN Monitor 1.2 for Windows and Solaris CDs.
- CiscoWorks CD One—Contains the CD One 5th Edition for Windows and Solaris CDs.
- CiscoWorks Resource Manager Essentials—Contains the Resource Manager Essentials 3.4 for Windows and Solaris CDs.
The following table provides information about the product CDs and lists the associated content for each CD. For the complete list of paper and online documentation, see Documentation Roadmap.
| Product CD | Enables you to... | Associated content... |
|---|---|---|
| Management Center for PIX Firewalls 1.0 | Configure PIX Firewalls. | PIX MC product CD; Printed documentation |
| Management Center for IDS Sensors 1.0 and Monitoring Center for Security 1.0 | Configure network-based IDS Sensors. Monitor network-based and host-based IDS events and IOS and PIX Firewall syslogs. | IDS MC and Security Monitor product CDs; Printed documentation |
| Management Center for VPN Routers 1.0 | Configure VPN routers. | Router MC product CD; Printed documentation |
| Auto Update Server 1.0 | Pull configurations from update server. | AUS product CD; Printed Documentation |
| CiscoWorks Common Services 1.0 | Provide common software and services for the Management Centers. | CiscoWorks Common Services product CD; Printed Documentation; Registration and Licensing Notes for Common Services; Release Notes |
| Cisco Secure Policy Manager 3.1 | Configure PIX Firewalls, IOS firewalls, and VPNs. | CSPM product CD; Printed Documentation; CSPM License Disk—Provides the license to use CSPM. For information about the number of supported devices, see the device license label on the disk. |
| IDS Host Sensor and Console 2.5 | Configure host-based IDS to protect critical servers. | Cisco IDS Host Sensor product CD; Printed documentation; Cisco Intrusion Detection System Host Sensor Registration; Release Notes |
| VPN Monitor 1.2 | Monitor IPSec-based, site-to-site and remote access VPNs. | VPN Monitor product CD; Printed documentation |
| Resource Manager Essentials 3.4 | Use operational management, such as software distribution, change audit, and syslog analysis. | Essentials product CD; Printed documentation |
| CD One, 5th Edition (CiscoView) | Use CiscoView for graphical device management. | CD One product CD; Printed documentation |
Note: CiscoWorks Common Services, CSPM, IDS MC, Security Monitor, Router MC, AUS, and PIX MC can be installed only on Windows 2000. The Cisco IDS Host Sensor Console can be installed on Windows 2000 and Windows NT servers. The Cisco IDS Host evaluation Agents can be installed on Windows 2000, Windows NT, and Solaris.