CSC Warning message at startup, Is this normal?

tahequivoice
Level 2

During the bootup, I get a series of

...WARNING: CSC can ONLY scan TCP traffic that is destined to port 80 (HTTP), 25 (SMTP), 110 (POP3), or 21 (FTP) when configured. Any other type of traffic, even if configured, will not be scanned.

*** Output from config line 387, " csc fail-open")

One for each port. I know the CSC fail-open is to pass the traffic if CSC fails, but what about the rest of the message? Normal?

2 Replies

hoogen_82
Level 4

Yes, it's normal. It's just informing you that the CSC-SSM module can only scan the specified traffic.

Any other traffic, like HTTPS, or if you are looking at scanning TFTP traffic or some NetBIOS traffic, won't be scanned by the CSC module.

Your config for diverting the traffic through the CSC would look like:

access-list csc extended permit tcp any any eq ftp
access-list csc extended permit tcp any any eq www
access-list csc extended permit tcp any any eq https
access-list csc extended permit tcp any any eq pop3
!
class-map cscmap
 match access-list csc
!
policy-map cscpolicy
 class cscmap
  csc fail-open
!
service-policy cscpolicy interface outside
service-policy cscpolicy interface inside
!

-Hoogen

Do rate if this post helps :)

This one looks a bit different, it doesn't appear to use an ACL.

class-map FTP
 match port tcp eq ftp
class-map http
 match port tcp eq www
class-map SMTP
 match port tcp eq smtp
class-map inspection_default
 match default-inspection-traffic
class-map POP3
 match port tcp eq pop3
!
policy-map inside-policy
 class http
  csc fail-open
 class POP3
  csc fail-open
 class FTP
  csc fail-open
 class SMTP
  csc fail-open

This was all done via the gui.
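
Added example, not part of any post in this thread and not Cisco tooling: a Python check that reads an ASA config and lists every port diverted to the CSC module that falls outside the four ports named in the startup warning. It handles only the "eq <port>" match forms shown in the thread; the function name, the port-keyword table and the sample variable are assumptions made for this example.

```python
"""Flag traffic diverted to the CSC-SSM that the module will not scan."""
# Ports listed in the startup warning: 80 (HTTP), 25 (SMTP), 110 (POP3), 21 (FTP).
CSC_SCANNABLE = {80, 25, 110, 21}
# ASA port keywords that appear in this thread, mapped to port numbers.
PORT_NAMES = {"ftp": 21, "smtp": 25, "www": 80, "pop3": 110, "https": 443}

def csc_unscanned(config):
    """Return (policy-map, class, port) for each CSC-diverted port CSC cannot scan."""
    acls, classes, diverted = {}, {}, []
    cmap = pmap = cls = None
    for line in config.splitlines():
        tok = line.split()
        if not tok or tok[0] == "!":
            continue
        port = tok[-1] if tok[-2:-1] == ["eq"] else None  # only the "eq <port>" form
        if tok[0] == "access-list" and "permit" in tok and port:
            acls.setdefault(tok[1], []).append(port)
        elif tok[0] == "class-map":
            cmap, pmap = tok[-1], None
            classes[cmap] = []
        elif tok[:2] == ["match", "access-list"] and cmap and len(tok) > 2:
            classes[cmap].append(("acl", tok[2]))
        elif tok[:3] == ["match", "port", "tcp"] and cmap and port:
            classes[cmap].append(("port", port))
        elif tok[0] == "policy-map":
            pmap, cmap = tok[-1], None
        elif tok[0] == "class" and pmap:
            cls = tok[-1]
        elif tok[0] == "csc" and pmap and cls:
            diverted.append((pmap, cls))  # this class is sent to the CSC module
    findings = []
    for pmap, cls in diverted:  # resolve after parsing so definition order is irrelevant
        for kind, val in classes.get(cls, []):
            for port in (acls.get(val, []) if kind == "acl" else [val]):
                number = int(port) if port.isdigit() else PORT_NAMES.get(port)
                if number not in CSC_SCANNABLE:  # unknown keywords are flagged too
                    findings.append((pmap, cls, port))
    return findings

# Sample input: the ACL-based config from the first reply in this thread.
ACL_CONFIG = """\
access-list csc extended permit tcp any any eq ftp
access-list csc extended permit tcp any any eq www
access-list csc extended permit tcp any any eq https
access-list csc extended permit tcp any any eq pop3
class-map cscmap
 match access-list csc
policy-map cscpolicy
 class cscmap
  csc fail-open
"""

if __name__ == "__main__":
    print(csc_unscanned(ACL_CONFIG))
```
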
