An engineer is using Cisco Security Manager and is using default ports configuration. What port must be open to connect the Cisco Security Manager Client to an
ASA?
A. 21
B. 22
C. 80
D. 443
Correct Answer: D
Explanation/Reference:
Explanation:
Security Manager can use these transport protocols:
SSL (HTTPS)–Secure Socket Layer, which is an HTTPS connection, is the only transport protocol used with PIX Firewalls, Adaptive Security Appliances (ASA), and Firewall Services Modules (FWSM). It is also the default protocol for IPS devices and for routers running Cisco IOS Software release 12.3 or higher.
If you use SSL as the transport protocol on Cisco IOS routers, you must also configure SSH on the routers. Security Manager uses SSH connections to handle interactive command deployments during SSL deployments.
Cisco Security Manager was using OpenSSL for the Transport Layer Security (TLS) and Secure
Sockets Layer (SSL) protocols. Beginning with version 4.13, Cisco Security Manager replaced
OpenSSL version 1.0.2 with Cisco SSL version 6.x. Cisco SSL enables FIPS compliance over full FIPS Validation which results in fast and cost-effective connectivity. The Common Criteria mode in Cisco SSL allows easier compliance. Cisco SSL is feature-forward when compared to OpenSSL. The product
Security Baseline (PSB) requirements for Cisco SSL ensures important security aspects such as credential and key management, cryptography standards, antispoofing capabilities, integrity and tamper protection, and session, data, and stream management and administration are taken care of.
SSH–Secure Shell is the default transport protocol for Catalyst switches and Catalyst 6500/7600 devices. You can also use it with Cisco IOS routers.
Telnet–Telnet is the default protocol for routers running Cisco IOS software releases 12.1 and 12.2. You can also use it with Catalyst switches, Catalyst 6500/7600 devices, and routers running Cisco IOS Software release 12.3 and higher. See the Cisco IOS software documentation for configuring Telnet.
HTTP–You can use HTTP instead of HTTPS (SSL) with IPS devices. HTTP is not the default protocol for any device type.
TMS–Token Management Server is treated like a transport protocol in Security Manager, but it is not a real transport protocol. Instead, by configuring TMS as the transport protocol of a router, you are telling Security Manager to deploy configurations to a TMS. From the TMS, you can download the configuration to an eToken, plug the eToken into the router’s USB bus, and update the configuration. TMS is available only for certain routers running Cisco IOS Software 12.3 or higher.
Security Manager can also use indirect methods to deploy configurations to devices, staging the configuration on a server that manages the deployment to the devices. These indirect methods also allow you to use dynamic IP addresses on your devices. The methods are not treated as transport protocols, but as adjuncts to the transport protocol for the device. You can use these indirect methods:
AUS (Auto Update Server)–When you add a device to Security Manager, you can select the AUS server that is managing it. You can use AUS with PIX Firewalls and ASA devices.
Configuration Engine–When you add a router to Security Manager, you can select the Configuration Engine that is managing it.
Explanation/Reference:
Explanation:
Security Manager can use these transport protocols:
SSL (HTTPS)–Secure Socket Layer, which is an HTTPS connection, is the only transport protocol used with PIX Firewalls, Adaptive Security Appliances (ASA), and Firewall Services Modules (FWSM). It is also the default protocol for IPS devices and for routers running Cisco IOS Software release 12.3 or higher.
If you use SSL as the transport protocol on Cisco IOS routers, you must also configure SSH on the routers. Security Manager uses SSH connections to handle interactive command deployments during SSL deployments.
Cisco Security Manager was using OpenSSL for the Transport Layer Security (TLS) and Secure
Sockets Layer (SSL) protocols. Beginning with version 4.13, Cisco Security Manager replaced
OpenSSL version 1.0.2 with Cisco SSL version 6.x. Cisco SSL enables FIPS compliance over full FIPS Validation which results in fast and cost-effective connectivity. The Common Criteria mode in Cisco SSL allows easier compliance. Cisco SSL is feature-forward when compared to OpenSSL. The product
Security Baseline (PSB) requirements for Cisco SSL ensures important security aspects such as credential and key management, cryptography standards, antispoofing capabilities, integrity and tamper protection, and session, data, and stream management and administration are taken care of.
SSH–Secure Shell is the default transport protocol for Catalyst switches and Catalyst 6500/7600 devices. You can also use it with Cisco IOS routers.
Telnet–Telnet is the default protocol for routers running Cisco IOS software releases 12.1 and 12.2. You can also use it with Catalyst switches, Catalyst 6500/7600 devices, and routers running Cisco IOS Software release 12.3 and higher. See the Cisco IOS software documentation for configuring Telnet.
HTTP–You can use HTTP instead of HTTPS (SSL) with IPS devices. HTTP is not the default protocol for any device type.
TMS–Token Management Server is treated like a transport protocol in Security Manager, but it is not a real transport protocol. Instead, by configuring TMS as the transport protocol of a router, you are telling Security Manager to deploy configurations to a TMS. From the TMS, you can download the configuration to an eToken, plug the eToken into the router’s USB bus, and update the configuration. TMS is available only for certain routers running Cisco IOS Software 12.3 or higher.
Security Manager can also use indirect methods to deploy configurations to devices, staging the configuration on a server that manages the deployment to the devices. These indirect methods also allow you to use dynamic IP addresses on your devices. The methods are not treated as transport protocols, but as adjuncts to the transport protocol for the device. You can use these indirect methods:
AUS (Auto Update Server)–When you add a device to Security Manager, you can select the AUS server that is managing it. You can use AUS with PIX Firewalls and ASA devices.
Configuration Engine–When you add a router to Security Manager, you can select the Configuration Engine that is managing it.