--===============2058102355==
Content-Type: multipart/alternative;
boundary="----=_Part_6154_6484079.1209753419341"

------=_Part_6154_6484079.1209753419341
Content-Type: text/plain; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Check out RANCID. http://www.shrubbery.net/rancid/

Aside from performing configuration monitoring and change notification,
there's a script used by RANCID named "clogin", which is capable of
automatically logging into a box and executing either a single command or a
script. This would probably fit your requirements in terms of making
changes on several boxes at once.

You'll need to have a system capable of running expect and CVS. It's also
CLI only as far as I know - so if you you're not comfortable in a CLI, this
package won't be for you. It's a solid product, and

>From their web page:


"RANCID monitors a router's (or more generally a device's) configuration,
including software and hardware (cards, serial numbers, etc) and uses CVS
(Concurrent Version System) or
Subversionto maintain history of
changes.

Rancid currently supports Cisco routers, Juniper routers, Catalyst switches=
,
Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and thus likely IRRd)=
,
Alteon switches, and HP Procurve switches and a host of others."


-John

On Wed, Apr 30, 2008 at 8:01 AM, Mike Davis wrote:

> This is my first posting so be gentle ;-)
>
>
>
> I have an environment that is all Cisco based firewalls for my edge
> protection and site to site vpns. I have a little over 100 remote sites
> running on ASA 5505's with an AES Tunnel to both the primary (HQ) and
> secondary (DR ) sites. It is working quite nicely and has been for years
> now but the problem I have is this=85 all my remote site firewalls are no=

t
> centrally managed in the sense that I can make one change in a console an=

d
> push it globally to all my remote firewalls so that when a change is
> required, I have to log into each and every one (I use SSH) and make the
> changes.
>
> I know that Cisco Security Manager will allow me to do that but at the 10=

0K
> pricetag I was quoted from Cisco with the blink of an eye=85 I just canno=

t put
> that into my budget.
>
>
>
> Does anyone know of or can recommend any freeware or low-cost-ware
> application that will allow me to monitor and make global config changes
> without having to SSH to each one? The ability to segregate into groups =

and
> manage based upon groups would certainly be a plus as well but not a
> requirement.
>
>
>
> Thanks in advance!
>
>
>
> *Mike Davis*
>
>
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailma...rewall-wizards
>
>



--=20
John Forrister
480-540-7325 (mobile)

------=_Part_6154_6484079.1209753419341
Content-Type: text/html; charset=WINDOWS-1252
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline


Check out RANCID.  rget=3D"_blank">http://www.shrubbery.net/rancid/
" size=3D"2">
Aside
from performing configuration monitoring and change notification,
there's a script used by RANCID named "clogin", which is capa=
ble of
automatically logging into a box and executing either a single command
or a script.  This would probably fit your requirements in terms of ma=
king changes on several boxes at once.


You'll need to have a system capable of running expect and CVS.&nbs=
p;
It's also CLI only as far as I know - so if you you're not comforta=
ble
in a CLI, this package won't be for you.  It's a solid product=
, and


From their web page:

"RANCID monitors a router's (or mo=
re generally a device's)
=09configuration, including software and hardware (cards, serial numbers,
=09etc) and uses CVS (Con=
current Version
=09System)
or k">Subversion
=09to maintain history of changes.
=09


Rancid currently supports Cisco routers, Ju=
niper routers, Catalyst
=09switches, Foundry switches, Redback NASs, ADC EZT3 muxes, MRTd (and
=09thus likely IRRd), Alteon switches, and HP Procurve switches and a
=09host of others."

;">

-John

=3D"gmail_quote">On Wed, Apr 30, 2008 at 8:01 AM, Mike Davis < "mailto:mdavis@gsp.net">mdavis@gsp.net> wrote:

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">












This is my first posting so be gentle ;-)



 



I have an environment that is all Cisco based firewalls for
my edge protection and site to site vpns.  I have a little over 100 re=
mote
sites running on ASA 5505's with an AES Tunnel to both the primary (HQ)
and secondary (DR ) sites.  It is working quite nicely and has been fo=
r
years now but the problem I have is this=85 all my remote site firewalls
are not centrally managed in the sense that I can make one change in a cons=
ole
and push it globally to all my remote firewalls so that when a change is
required, I have to log into each and every one (I use SSH) and make the
changes.



I know that Cisco Security Manager will allow me to do that
but at the 100K pricetag I was quoted from Cisco with the blink of an eye=
=85
I just cannot put that into my budget. 



 



Does anyone know of or can recommend any freeware or
low-cost-ware application that will allow me to monitor and make global con=
fig
changes without having to SSH to each one?  The ability to segregate i=
nto
groups and manage based upon groups would certainly be a plus as well but n=
ot a
requirement.



 



Thanks in advance!



 



Mike Davis



 









_______________________________________________

firewall-wizards mailing list

firewall-wizards@=
listserv.icsalabs.com


target=3D"_blank">https://listserv.icsalabs.com/mailma...nfo/firewall-=
wizards





--
John Forrister
4=
80-540-7325 (mobile)

------=_Part_6154_6484079.1209753419341--

--===============2058102355==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailma...rewall-wizards

--===============2058102355==--