Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > ASA's CSC module not scanning traffic

Reply
Thread Tools

ASA's CSC module not scanning traffic

 
 
Barney Brunswick
Guest
Posts: n/a
 
      03-28-2007
hi,

i have an ASA-5520 system running here, featuring the Content Scanning
Module (CSC).

the module is up and running, software and subscription registered --
hoever, it doesn't scan emails (esmtp) or http traffic.

policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect http
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect sqlnet
inspect tftp
inspect dns global_dns_map
inspect icmp
inspect icmp error
inspect esmtp
!
service-policy global_policy global

AFAICS, this should work. i read all the documentation on this issue,
but cannot see the problem.

i appreciate everyone helping getting the tomatoes off my eyes.

wbr,

barney
 
Reply With Quote
 
 
 
 
Brian V
Guest
Posts: n/a
 
      03-28-2007

"Barney Brunswick" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> hi,
>
> i have an ASA-5520 system running here, featuring the Content Scanning
> Module (CSC).
>
> the module is up and running, software and subscription registered --
> hoever, it doesn't scan emails (esmtp) or http traffic.
>
> policy-map global_policy
> class inspection_default
> inspect ftp
> inspect h323 h225
> inspect http
> inspect rsh
> inspect rtsp
> inspect sip
> inspect skinny
> inspect sqlnet
> inspect tftp
> inspect dns global_dns_map
> inspect icmp
> inspect icmp error
> inspect esmtp
> !
> service-policy global_policy global
>
> AFAICS, this should work. i read all the documentation on this issue, but
> cannot see the problem.
>
> i appreciate everyone helping getting the tomatoes off my eyes.
>
> wbr,
>
> barney


That is the global inspection policy applied to the ASA for all traffic.
That is not the CSC's inpsection policy nor is it configured to send to the
CSC. There is a link to the learning module how to do this about 1/2way down
the page here.
http://www.cisco.com/web/learning/le...ppliances.html

Do a search on the page for Anti-X Services


 
Reply With Quote
 
 
 
 
udlooz udlooz is offline
Junior Member
Join Date: Mar 2007
Posts: 5
 
      03-28-2007
get ready to start experiencing long delays to receive emails once you get it started scanning.
 
Reply With Quote
 
Barney Brunswick
Guest
Posts: n/a
 
      03-29-2007
>> policy-map global_policy
>> class inspection_default
>> inspect ftp
>> inspect h323 h225
>> inspect http
>> inspect rsh
>> inspect rtsp
>> inspect sip
>> inspect skinny
>> inspect sqlnet
>> inspect tftp
>> inspect dns global_dns_map
>> inspect icmp
>> inspect icmp error
>> inspect esmtp
>> !
>> service-policy global_policy global
>>
>> AFAICS, this should work. i read all the documentation on this issue, but
>> cannot see the problem.
>>
>> i appreciate everyone helping getting the tomatoes off my eyes.
>>
>> wbr,
>>
>> barney

>
> That is the global inspection policy applied to the ASA for all traffic.
> That is not the CSC's inpsection policy nor is it configured to send to the
> CSC.


then cisco should rework their documentation on this; it clearly says
that it will scan all traffic by default that your user license covers...

> There is a link to the learning module how to do this about 1/2way down
> the page here.
> http://www.cisco.com/web/learning/le...ppliances.html
>
> Do a search on the page for Anti-X Services


thanks, that helped me (not the media itself, but taking some time off
its config file =.
 
Reply With Quote
 
Brian V
Guest
Posts: n/a
 
      03-29-2007

"Barney Brunswick" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>>> policy-map global_policy
>>> class inspection_default
>>> inspect ftp
>>> inspect h323 h225
>>> inspect http
>>> inspect rsh
>>> inspect rtsp
>>> inspect sip
>>> inspect skinny
>>> inspect sqlnet
>>> inspect tftp
>>> inspect dns global_dns_map
>>> inspect icmp
>>> inspect icmp error
>>> inspect esmtp
>>> !
>>> service-policy global_policy global
>>>
>>> AFAICS, this should work. i read all the documentation on this issue,
>>> but cannot see the problem.
>>>
>>> i appreciate everyone helping getting the tomatoes off my eyes.
>>>
>>> wbr,
>>>
>>> barney

>>
>> That is the global inspection policy applied to the ASA for all traffic.
>> That is not the CSC's inpsection policy nor is it configured to send to
>> the CSC.

>
> then cisco should rework their documentation on this; it clearly says that
> it will scan all traffic by default that your user license covers...
>
>> There is a link to the learning module how to do this about 1/2way down
>> the page here.
>> http://www.cisco.com/web/learning/le...ppliances.html
>>
>> Do a search on the page for Anti-X Services

>
> thanks, that helped me (not the media itself, but taking some time off its
> config file =.


The "getting started" for the CSC couldn't be clearer. It specifically tells
you that you need to divert the traffic from the ASA to the CSC. Maybe you
found a different doc? The getting started guides are typically the best for
initial setup.
http://www.cisco.com/en/US/products/...html#wp1043834


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
OPENing in CSC :CSC Referral Program conducted at Noida on 24th May Anupam Singh Java 0 05-22-2008 06:00 AM
Traffic scanning with ASA-5520 and CSC module Barney Powers Cisco 0 05-23-2007 07:34 AM
asa5520 csc-ssm module http service policy problem BUG janfdg76@gmail.com Cisco 1 02-18-2007 04:21 PM
Problem creating Microsoft.Web.UI.WebControls.dll a/c csc.exe "not found" Richard Lionheart ASP .Net Web Controls 4 09-16-2005 03:00 AM
Problem creating Microsoft.Web.UI.WebControls.dll a/c csc.exe "not found" Richard Lionheart ASP .Net 5 09-16-2005 03:00 AM



Advertisments