«

hi,

i have an ASA-5520 system running here, featuring the Content Scanning
Module (CSC).

the module is up and running, software and subscription registered --
hoever, it doesn't scan emails (esmtp) or http traffic.

policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect http
inspect rsh
inspect rtsp
inspect sip
inspect skinny
inspect sqlnet
inspect tftp
inspect dns global_dns_map
inspect icmp
inspect icmp error
inspect esmtp
!
service-policy global_policy global

AFAICS, this should work. i read all the documentation on this issue,
but cannot see the problem.

i appreciate everyone helping getting the tomatoes off my eyes.

wbr,

barney

"Barney Brunswick" <> wrote in message
news:...
> hi,
>
> i have an ASA-5520 system running here, featuring the Content Scanning
> Module (CSC).
>
> the module is up and running, software and subscription registered --
> hoever, it doesn't scan emails (esmtp) or http traffic.
>
> policy-map global_policy
> class inspection_default
> inspect ftp
> inspect h323 h225
> inspect http
> inspect rsh
> inspect rtsp
> inspect sip
> inspect skinny
> inspect sqlnet
> inspect tftp
> inspect dns global_dns_map
> inspect icmp
> inspect icmp error
> inspect esmtp
> !
> service-policy global_policy global
>
> AFAICS, this should work. i read all the documentation on this issue, but
> cannot see the problem.
>
> i appreciate everyone helping getting the tomatoes off my eyes.
>
> wbr,
>
> barney

That is the global inspection policy applied to the ASA for all traffic.
That is not the CSC's inpsection policy nor is it configured to send to the
CSC. There is a link to the learning module how to do this about 1/2way down
the page here.
http://www.cisco.com/web/learning/le...ppliances.html

Do a search on the page for Anti-X Services

[udlooz]

get ready to start experiencing long delays to receive emails once you get it started scanning.

>> policy-map global_policy
>> class inspection_default
>> inspect ftp
>> inspect h323 h225
>> inspect http
>> inspect rsh
>> inspect rtsp
>> inspect sip
>> inspect skinny
>> inspect sqlnet
>> inspect tftp
>> inspect dns global_dns_map
>> inspect icmp
>> inspect icmp error
>> inspect esmtp
>> !
>> service-policy global_policy global
>>
>> AFAICS, this should work. i read all the documentation on this issue, but
>> cannot see the problem.
>>
>> i appreciate everyone helping getting the tomatoes off my eyes.
>>
>> wbr,
>>
>> barney
>
> That is the global inspection policy applied to the ASA for all traffic.
> That is not the CSC's inpsection policy nor is it configured to send to the
> CSC.

then cisco should rework their documentation on this; it clearly says
that it will scan all traffic by default that your user license covers...

> There is a link to the learning module how to do this about 1/2way down
> the page here.
> http://www.cisco.com/web/learning/le...ppliances.html
>
> Do a search on the page for Anti-X Services

thanks, that helped me (not the media itself, but taking some time off
its config file =.

"Barney Brunswick" <> wrote in message
news:...
>>> policy-map global_policy
>>> class inspection_default
>>> inspect ftp
>>> inspect h323 h225
>>> inspect http
>>> inspect rsh
>>> inspect rtsp
>>> inspect sip
>>> inspect skinny
>>> inspect sqlnet
>>> inspect tftp
>>> inspect dns global_dns_map
>>> inspect icmp
>>> inspect icmp error
>>> inspect esmtp
>>> !
>>> service-policy global_policy global
>>>
>>> AFAICS, this should work. i read all the documentation on this issue,
>>> but cannot see the problem.
>>>
>>> i appreciate everyone helping getting the tomatoes off my eyes.
>>>
>>> wbr,
>>>
>>> barney
>>
>> That is the global inspection policy applied to the ASA for all traffic.
>> That is not the CSC's inpsection policy nor is it configured to send to
>> the CSC.
>
> then cisco should rework their documentation on this; it clearly says that
> it will scan all traffic by default that your user license covers...
>
>> There is a link to the learning module how to do this about 1/2way down
>> the page here.
>> http://www.cisco.com/web/learning/le...ppliances.html
>>
>> Do a search on the page for Anti-X Services
>
> thanks, that helped me (not the media itself, but taking some time off its
> config file =.

The "getting started" for the CSC couldn't be clearer. It specifically tells
you that you need to divert the traffic from the ASA to the CSC. Maybe you
found a different doc? The getting started guides are typically the best for
initial setup.
http://www.cisco.com/en/US/products/...html#wp1043834