|
|
Defining your network topology, policies, and administrative accounts are all important tasks that constitute the bulk of the procedures you must perform to customize your Cisco Secure Policy Manager system. The ability to export and import these configurations becomes increasingly more important as you build complex topologies and policies and find the need to duplicate these configurations across your Cisco Secure Policy Manager system. In addition, we discuss configuration procedures for an active standby server.
In this chapter, you will find the following topics, with accompanying procedures:
The Export to File command on the File menu enables you to export a copy of the current view of the GUI client to a location that you specify. The file created by the Export to File command is a "snapshot" of current settings made in the GUI client. This file does not contain a history of traffic that has occurred across your network or of any reports that have generated regarding the status and use of your network.
Export to File enables you to export a copy of the current view of the GUI client to a location that you specify. The view that is extracted and copied includes your entire network configuration, defined policies, and administrative accounts that you have added. The exported file does not contain a history of traffic that has occurred across your network or a history of any reports that generated regarding the status and use of your network.
An exported view of the GUI client can serve several purposes. For example, the Export to File command will be particularly useful should you need assistance from the Cisco Systems Technical Assistance Center (TAC). After you export a copy of your configurations, you can send the copy via e-mail to the TAC. Support personnel at the TAC can then review your configurations, make corrections or adjustments to them as necessary, and send the revised configurations to you via e-mail. Upon receiving the file from the TAC, you can use the Import from File command on the File menu to load the new configurations into the GUI client.
You can also export a copy of the current settings for use on a different implementation of Cisco Secure Policy Manager. You can use the exported copy to create duplicate configurations on another network or as a starting point from which to build a more extensive network policy.
 |
Caution If, during the current work session, you have renamed the administrative account under which you logged on to the GUI client, you will be unable to export a copy of the Cisco Secure Policy Manager settings. To do so, you will need to exit the GUI client and log on again. |
|
Caution If, during the current work session, you have renamed the administrative account under which you logged on to the GUI client, you will be unable to export a copy of the Cisco Secure Policy Manager settings. To do so, you will need to exit the GUI client and log on again. |
To export a copy of current settings to a file, perform the following task:
Result: The Export To dialog box appears.
Step 2 To specify the folder in which you want to store the exported data, you can either select a pre-existing folder or create a new folder.
To select a pre-existing folder, continue with Step 3. To create a new folder, skip to Step 5.
Step 3 To specify the drive on which the folder resides, select that drive letter in the Save in list box.
Step 4 To specify the folder to which you want to export a copy of the Cisco Secure Policy Manager settings, select that folder and click Open.
Skip to Step 8.
Step 5 To create a new folder, specify the letter of the drive on which you want to create the folder in the Save in list box, and click the Create New Folder icon.
Step 6 To specify the name of the new folder, type the name in the selected New Folder box, and then press Enter.
Step 7 To accept your selection of folder, click Open in the Export To dialog box.
Step 8 To specify the filename of the exported copy, type the name in the File name box in the Export To dialog box.
Step 9 To continue with the Export to File operation, click Save in the Export To dialog box.
A copy of your current settings, as viewed in the GUI client, is exported and saved to the drive and file that you specified. The extension .cpm is automatically added to the filename that you specified.
The Import from File command on the File menu enables you to import a copy of the Cisco Secure Policy Manager settings that was previously exported and saved to a known location. The imported file is a "snapshot" of settings viewed in the GUI client at the time they were exported to a file and any modifications that were later made to the exported file. This file does not contain a history of the traffic that occurred across the network or a history of any reports that were generated regarding the status and use of the network to which the imported settings were applied.
The Import from File command on the File menu enables you to import a copy of the Cisco Secure Policy Manager settings that were previously exported and saved to a known location.
 |
Note The exported file is a "snapshot" of settings viewed in the GUI client at the time they were exported to a file. |
The view that is imported includes network configurations, defined policies, and administrative accounts. The imported file does not contain a history of traffic that occurred across the network or of any reports that were generated regarding the status and use of the network to which the imported settings were applied.
An imported view of the GUI client can serve several purposes. The Import from File command will be particularly useful should you need assistance from the Cisco Systems TAC. For example, you can use the Export to File command on the File menu to export a copy of your configurations. You can then send that copy via e-mail to the TAC. Support personnel at the TAC can review your configurations, make corrections or adjustments to them as necessary, and send the revised configurations to you via e-mail. Upon receiving the file from the TAC, you can use the Import from File command to load the new configurations into the GUI client.
You can also import a previously exported file into a different Cisco Secure Policy Manager to duplicate the configurations on another network or to use those configurations as a starting point from which to build a more extensive network policy.
|
Note There are a couple key points to remember when using the Import from File command. First of all, the file you import is a "snapshot" of settings viewed in the GUI client at the time they were exported to a file. Second, new services are often added between releases of Cisco Secure Policy Manager. Therefore, if you import a *.cpm file from a previous release, you must use the Network Services Library to reinstall any features that were not supported by the previous release. For example, the 1.1 version of Cisco Security Manager did not support the IPSec AH and ESP services now available in the 2.0 version of Cisco Secure Policy Manager. If you import a 1.x *.cpm file into a Cisco Secure Policy Manager 2.0 system, you must reinstall the IPSec AH and ESP services. |
To import a copy of Cisco Secure Policy Manager settings from a file, perform the following task:
You will be prompted to save updated data if you have not already done so.
Step 2 To save updated data, click Yes in the Cisco Secure Policy Manager dialog box.
Result: The Import From dialog box appears.
Step 3 To specify the letter of the drive on which the copy to be imported resides, select that drive in the Look in list box in the Import From dialog box.
Step 4 To specify the file that you want to import, select that file.
Result: The filename of the file you selected appears in the File name box.
Step 5 To import the file that you selected, click Open in the Import From dialog box.
The GUI client is refreshed to reflect the settings that were contained in the imported file. If the imported file includes an administrative account with a username that is the same as the one under which you are currently logged on to the GUI client, Cisco Secure Policy Manager will retain the original account and rename the imported account as your username (imported).
If you have a standalone Cisco Secure Policy Manager system, you can configure a standby server that enables you to swap the Cisco Secure Policy Manager responsibilities between the two servers in the event of hardware failures or other technical problems on the main server. The configuration of your standby server is determined by an exported copy of your main server's configuration, as described in Exporting a Copy of Current Settings to a File.
If you have a standalone Cisco Secure Policy Manager system, you can configure a standby server that enables you to swap the Cisco Secure Policy Manager responsibilities between the two servers in the event of hardware failures or other technical problems on the main server. This section explains what you must do to create a standby server.
The following procedure outlines the steps required to configure a standby server for a standalone Cisco Secure Policy Manager installation.
To define a shortcut to an existing network manually, perform the following task:
Step 2 Configure the standalone Cisco Secure Policy Manager server to enforce the desired security policies.
Step 3 Export the *.cpm file from the standalone Cisco Secure Policy Manager server.
|
Note See Exporting a Copy of Current Settings to a File for detailed procedures on using the Export to File command. |
Step 4 Copy the *cpm file into the root directory for Cisco Secure Policy Manager on the target standby server.
Step 5 Start the GUI on the standby server in file mode. To start the GUI in file mode, you must create a new shortcut to the GUI that includes the "-file filename" option at the end of the target command. The following is an example value for the Target box:
"D:\Program Files\Cisco Systems\Cisco Secure Policy Manager\bin\cfmi.exe" -file hotswap.cpm.
Step 6 In the Start in box, remove the bin option at the end of the line, for example
"D:\Program Files\Cisco Systems\Cisco Secure Policy Manager"
Step 7 Change the name and the IP address of the Cisco Secure Policy Manager host in the Network Topology tree and save your changes to the file. This changes all references to the previous host name except for the name of the automatically generated policy.
Step 8 Start the GUI on the standby server in database mode (do not use the file mode shortcut; instead, use the normal shortcut on the Start menu).
Step 9 Import the edited *.cpm file from the root directory into the GUI on the standby server and save your changes using the Save command on the File menu.
|
Note See Importing a Copy of Settings from a File, for detailed procedures on using the Import to File command. |
|
Caution Do not perform a Save and Update operation. This operation will switch between the two servers and prevent your standalone Cisco Secure Policy Manager server from configuring the Policy Enforcement Point. Instead, you should only perform a Save and Update operation when you actually want to switch between the two servers. |
Posted: Thu May 25 13:51:10 PDT 2000
Copyright 1989 - 2000©Cisco Systems Inc.