HELP! Cisco vManage, vBond, vSmart certificates expiring
-
Knowing nothing about Cisco vManage, I've dropped the ball and am thinking we have a pretty major issue about to occur that I have no idea how to resolve.
Long story short, the MSP that managed the Cisco SD-WAN that we use was fired and everything they managed was dumped on me. Very little documentation was left, and nothing was really explained to me. Networking is not my strong point, and I am highly unfamiliar with Cisco stuff, so this is completely out of my comfort zone.
Fast forward to today. I was trying to figure something out, finally found working credentials for our Cisco vManage, logged in, and noticed that it says there are 5 certificate warnings. Looking at the details, it says that all 5 vManage, vBond, and vSmart certificates expire Feb 19 23:19:00 2023 GMT.
I can't find any record of us having any kind of support contract with Cisco; my guess is that we don't.
I am completely unfamiliar with this stuff, and how all of this was set up wasn't explained to me, so I had no idea that this was something that I had to do anything with. Once the certificates expire, will we lose all connectivity? If so, what can I do to fix this and prevent loss of connectivity? Or are we screwed and will experience a loss of connectivity no matter what I do at this point?
-
@srsmith Sorry, I never saw this thread. In this case, the first thing that I'd do is consider ripping everything out and going with something better suited (we presume) that you can manage yourself. Cisco is a red flag product, generally sold by VARs pretending to be MSPs to lock you into high cost support needs, licensing contracts, and to sell scams like SD-WAN (generally all they are selling is a VPN that they brand as something else). Things you can generally do BETTER for next to nothing yourself, with less effort. If you DO need someone to do it for you, an ITSP will normally handle all of this for peanuts and provide the expertise your team needs to be able to ask networking and security questions, without being salespeople pushing bad products to make you need more support.
Rip and replace is almost always the answer in this kind of scenario. In the end you don't want to end up with Cisco gear or an SD-WAN or some remotely managed network that can extort you. If you need management of your networking, have them manage YOUR networking. Don't make a vendor own part of your company network, that's a terrible idea.
-
@scottalanmiller Apologies for lack of response, I simply haven't had the time to respond during the day lately, and I forget to check this site when I get home.
This issue has thankfully been resolved since posting. The MSP that installed this stuff was able to submit a ticket to Cisco, and the problem was resolved within 2 hours of doing so. This specific issue shouldn't happen again for a while since the certificates are good for 3 years, I believe.
I appreciate your input though, as I have been seriously wondering if we might be better off getting rid of all the Cisco stuff that the MSP installed. Unfortunately, it seems like Cisco was their brand of choice: switches, routers, wireless APs, ASA firewalls, AnyConnect for VPN. I believe there is even an old Cisco UCS server at one location; thankfully, it looks like it is currently only used as a shelf for a Synology NAS stacked on top of a tower server lying on its side.
I believe this SD-WAN was put in place under the facade of being easier to manage and more reliable, which is the opposite of what I have experienced so far. Would it not be easier / simpler to use standard IPsec tunnels configured through functionality that exists in pretty much every decent router available today? Similarly, wouldn't it be easier / simpler to use something like WireGuard or OpenVPN instead of AnyConnect?
I'm not a fan of Cisco myself, and used to use EdgeRouter, EdgeSwitch, and UniFi hardware prior to us being acquired and "upgraded" to Cisco hardware. It was cheap, easy to manage, and reliable enough for our needs. I would love to go this route again, or use a similar brand, but I'm not sure the owners and upper management would even consider it since what we have now "works".