CSC Warning message at startup, Is this normal?

Unanswered Question
Jun 6th, 2007
User Badges:

During the bootup, I get a series of

...WARNING: CSC can ONLY scan TCP traffic that is destined to port 80 (HTTP), 25 (SMTP), 110 (POP3), or 21 (FTP) when configured. Any other type of traffic, ev

en if configured, will not be scanned.

*** Output from config line 387, " csc fail-open")

One for each port. I know the CSc fail-open is to pass the traffic if csc fails, but what about the rest of the message. ? Normal?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
hoogen_82 Wed, 06/06/2007 - 09:06
User Badges:
  • Silver, 250 points or more

Yes its normal. Its just informing you that CSC-SSM module can scan only scan the specified traffic.

If any other traffic like https or if you are looking at scanning tftp traffic or some netbios traffic it won't be scanned by the csc module.

Your config for diverting the traffic through the CSC would look like:

access-list csc extended permit tcp any any eq ftp

access-list csc extended permit tcp any any eq www

access-list csc extended permit tcp any any eq https

access-list csc extended permit tcp any any eq pop3


class-map cscmap

match access-list csc


policy-map cscpolicy

class cscmap

csc fail-open


service-policy cscpolicy interface outside

service-policy cscpolicy interface inside



Do rate if this post helps :)

tahequivoice Wed, 06/06/2007 - 09:38
User Badges:

This one looks a bit different, it doesnt appear to use an ACL.

class-map FTP

match port tcp eq ftp

class-map http

match port tcp eq www

class-map SMTP

match port tcp eq smtp

class-map inspection_default

match default-inspection-traffic

class-map POP3

match port tcp eq pop3


policy-map inside-policy

class http

csc fail-open

class POP3

csc fail-open

class FTP

csc fail-open

class SMTP

csc fail-open

This was all done via the gui.


This Discussion