How to bypass CSC scanning in ASA

Unanswered Question
froggy3132000 Fri, 07/20/2007 - 12:22

Please post your solution. It could help someone else.


Thanks.

access-list cscTraffic extended deny ip host 192.168.10.254 any
access-list cscTraffic extended deny ip host 192.168.1.199 any
access-list cscTraffic extended permit tcp any any eq www
access-list cscTraffic extended permit tcp any any eq pop3
access-list cscTraffic extended permit tcp any any eq smtp
access-list cscTraffic extended permit tcp any any eq ftp
class-map global-class
 match default-inspection-traffic
class-map csc-class
 match access-list cscTraffic
!
!
policy-map global-policy
 class global-class
  inspect pptp
  inspect ftp
 class csc-class
  csc fail-open
!
service-policy global-policy global



Originally, I had this line

access-list cscTraffic extended deny ip host 192.168.1.199 any

at the end of my access list; that's why it wasn't working, since ACLs in Cisco go by order. I put it back at the top and it's fine.

Hope it helps.
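
The ordering effect described in the post, as an added example that is not part of the original post and is not Cisco code: a small first-match evaluator run over the cscTraffic entries in both orders. The BROKEN ordering, the destination 203.0.113.10 and the function names are constructed for illustration, and only the "host"/"any"/"eq" forms used in the post are parsed.

```python
import ipaddress

# ASA service keywords used in the post's ACL, mapped to TCP ports.
PORTS = {"www": 80, "pop3": 110, "smtp": 25, "ftp": 21}

def parse_addr(tokens):
    """Consume 'host A.B.C.D' or 'any'; return (address or None, remaining tokens)."""
    if tokens[0] == "host":
        return ipaddress.ip_address(tokens[1]), tokens[2:]
    if tokens[0] == "any":
        return None, tokens[1:]
    raise ValueError("unsupported address form: " + " ".join(tokens))

def parse_ace(line):
    """Parse 'access-list NAME extended ACTION PROTO SRC DST [eq SERVICE]'."""
    tok = line.split()
    action, proto = tok[3], tok[4]
    src, rest = parse_addr(tok[5:])
    dst, rest = parse_addr(rest)
    port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
    return action, proto, src, dst, port

def sent_to_csc(acl_lines, src, dst, port, proto="tcp"):
    """First matching entry decides: permit = class matches (traffic goes to
    the CSC module), deny = exempt. No match = implicit deny = exempt."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl_lines:
        action, a_proto, a_src, a_dst, a_port = parse_ace(line)
        if (a_proto in ("ip", proto) and a_src in (None, src)
                and a_dst in (None, dst) and a_port in (None, port)):
            return action == "permit"
    return False

PERMITS = ["access-list cscTraffic extended permit tcp any any eq " + s
           for s in ("www", "pop3", "smtp", "ftp")]
EXEMPT_254 = "access-list cscTraffic extended deny ip host 192.168.10.254 any"
EXEMPT_199 = "access-list cscTraffic extended deny ip host 192.168.1.199 any"

FIXED = [EXEMPT_254, EXEMPT_199] + PERMITS      # order shown in the post
BROKEN = [EXEMPT_254] + PERMITS + [EXEMPT_199]  # constructed: deny moved to the end

if __name__ == "__main__":
    web = "203.0.113.10"  # constructed destination (documentation range)
    for name, acl in (("deny last", BROKEN), ("deny first", FIXED)):
        print(name, "-> 192.168.1.199 scanned:", sent_to_csc(acl, "192.168.1.199", web, 80))
```

With the deny entry last, the "permit tcp any any eq www" entry matches first and the host's web traffic is still sent to the CSC module; with the deny entry first, the host is exempt while other hosts are still scanned.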
