Cisco Secure Policy Manager

Data Sheet

Cisco Secure Policy Manager Version 3.1

Figure 1
Cisco Secure Policy Manager provides a powerful and innovative way to create and manage end-to-end network security policies.


Cisco Secure Policy Manager 3.1 (CSPM) is a component of the CiscoWorks VPN/Security Management Solution (VMS). It provides policy-based security management for Cisco PIX Firewalls and IP Security (IPSec) virtual private network (VPN) routers. CSPM is used to define, distribute, enforce, and audit network-wide security policies from a central location. Cisco Secure Policy Manager also provides system auditing, including real-time alarm notification and web-based reporting.

Features and Benefits

  • Topology-aware firewall management—Defines perimeter security policies for Cisco PIX Firewalls and Cisco IOS® routers running the firewall feature set

  • VPN gateway management—Configures site-to-site IPSec VPNs based on Cisco PIX Firewalls and the Cisco suite of VPN routers running Cisco IOS IPSec software

  • Configuration import—Discovers topology and imports end-to-end security policies from global Cisco PIX and Cisco IOS security networks

  • Syslog reporting system—Provides web-based auditing tools to monitor and report on Cisco security devices and policy activities

New Cisco Secure Policy Manager 3.1 Features

  • Windows 2000 Server and Workstation

  • Cisco IOS Software releases:
    12.1(10), 12.1(11), 12.1(8)E, 12.1(9)E, 12.1(10)E, 12.2(5), 12.2(4)T

Policy Definition

With CSPM, network security administrators can visually create high-level security policies based upon business objectives. Policy definition capabilities include the following:

  • Ability to create security policies that define supported and denied services for Cisco PIX Firewalls and Cisco routers running the firewall feature set

  • Ability to create security policies that enable site-to-site IPSec VPNs between Cisco PIX Firewalls and Cisco VPN routers running the Cisco IOS IPSec software. Customizable IPSec tunnel templates and peer groups are provided to expedite VPN policy deployment

  • Easy Network Address Translation (NAT) management to dramatically improve network integrity and confidentiality

Figure 2
Easy-to-Use Rule Table for Security Policies

Policy Enforcement

Cisco Secure Policy Manager provides a wizard to easily create a network topology and identify where policies should be enforced. A drag-and-drop process allows security policies to be applied to firewalls and VPN routers throughout a network. Policy enforcement capabilities include the following:

  • Automated translation of network policies into the specific command-line configurations for the appropriate Cisco firewalls and VPN routers

  • Consistency checking to verify the integrity and correct configuration of the managed network topology, defined security policies and generated configurations

  • Support for automatic and manual policy distribution

  • Support for secure configuration of remote firewalls and routers (IPSec)

Policy Auditing

Cisco Secure Policy Manager provides a web-based auditing system that logs, monitors, and reports security policy events. Cisco router and firewall events are generated via syslog and are received, filtered, and logged within CSPM or can be directed to other consoles.

Topology and Configuration Import of Existing Security Networks

Cisco Secure Policy Manager supports a configuration import tool. The configuration import tool allows users to simply specify a list of devices that they would like to be managed. Once devices are selected, it creates the network topology and populates the security policies from the rule-table. Users can import individually-entered security policies to the centrally managed rules table.

Figure 3
Configuration Import Tool

Device Support

Cisco Secure Policy Manager performance depends upon the following factors:

  • Number of managed devices and interfaces

  • Size and complexity of network policies, configurations, and topology

  • CPU/resource speed of the host system


Software Version Supported

  • Cisco PIX Firewall:
    4.2.4, 4.2.5, 4.4.x
    5.1.2, 5.2.1, 5.3.x
    6.0.x, 6.1.x

  • Cisco IOS Router:
    12.0(5)T, 12.0(5)XE5, 12.0(7)T
    12.1(1), 12.1(1)T, 12.1(1)E, 12.1(1)XC, 12.1(2), 12.1(2)T, 12.1(2)XH, 12.1(3), 12.1(3)T, 2.1(3)XI, 12.1(4), 12.1(4)T, 12.1(4)E, 12.1(5), 12.1(5)T, 12.1(6), 12.1(6)E, 12.1(7), 12.1(7)E, 12.1(8), 12.1(8)E, 12.1(9), 12.1(9)E, 12.1(10), 12.1(11), 12.1(10)E
    12.2(1), 12.2(2)T, 12.2(3), 12.2(5), 12.2(4)T

System Requirements

Cisco Secure Policy Manager is supported on Windows 2000 systems only. For detailed hardware and operating requirements, refer to the CiscoWorks VMS Product Overview at .

Ordering Information

Cisco Secure Policy Manager 3.1 for Cisco Firewalls is available exclusively as part of the CiscoWorks VPN/Security Management Solution. For ordering details, refer to the CiscoWorks VMS Product Bulletin at .

For More Information

Please reference for more information about CiscoWorks VMS, or email