CSC on ASA stopped working...

Unanswered Question
Aug 10th, 2007
User Badges:

Hi there,


I am having an issue with CSC, it was configured for http filtering, working fine for a while but now it allows to open all websites, even company prohibited ones!


Here are my configs:


access-list csc_out_ING_NETOPS extended permit tcp 10.16.170.0 255.255.255.0 any eq ftp

access-list csc_out_ING_NETOPS extended permit tcp 10.16.170.0 255.255.255.0 any eq smtp

access-list csc_out_ING_NETOPS extended permit tcp 10.16.170.0 255.255.255.0 any eq www

access-list csc_out_ING_NETOPS extended permit tcp 10.16.170.0 255.255.255.0 any eq pop3

access-list csc_in extended permit tcp any 10.16.170.0 255.255.255.0 eq ftp

access-list csc_in extended permit tcp any 10.16.170.0 255.255.255.0 eq smtp

access-list csc_in extended permit tcp any 10.16.170.0 255.255.255.0 eq www

access-list csc_in extended permit tcp any 10.16.170.0 255.255.255.0 eq pop3


class-map csc_outbound_class_ING_NETOPS

match access-list csc_out_ING_NETOPS

class-map csc_inbound_class

match access-list csc_in


policy-map csc_out_policy_ING_NETOPS

class csc_outbound_class_ING_NETOPS

csc fail-open


policy-map csc_in_policy

class csc_inbound_class

csc fail-open


service-policy csc_out_policy_ING_NETOPS interface ING_NETOPS

service-policy csc_in_policy interface Internet



I can see hits on csc_out_ING_NETOPS access list, if i go to asdm and open Content Security page I am seeing these prohibited websites categorized correctly, the treat summary counter increases as well. However, I am able to open the website.


Has anyone had similar issue in the past?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Anonymous (not verified) Thu, 08/16/2007 - 09:36
User Badges:

First remove and reconfigure the access list. If that doesnt work upgarde ASA


mherald Mon, 08/20/2007 - 08:58
User Badges:

I have a CSC that is giving me a few fits as well. I have been working with TAC as well. Thier reccomendation was to upgrade the CSC to 6.2 code. What code are you at on the CSC specifically and on the ASA?


When you enable the CSC to automatically upgrade, it seems to upgrade itself and reload the application, which at times, especially when busy, unstable. Turn that down to once a day.


I had upgraded twice in the 6.1 train and that didnt seem to do the trick. At 6.2, things appear stable.

Actions

This Discussion