CSC SSM Multiple Context

Answered Question
Jan 17th, 2010

Hi,

I would like to know if the CSC SSM is supported on the Multiple Context mode on the ASA?

How is this achievable?

On my setup i have 2 different context, apparently 1 of my context are able to access to the CSC SSM.

Reason being, context 1 and the CSC SSM management ip are reachable.

On the other hand, context 2 and CSC SSM has no ip connection at all..

Is there any documents on Cisco that i could readup on?


Please advise.

Jocelyn

I have this problem too.
0 votes
Correct Answer by Kureli Sankar about 6 years 10 months ago

You don't have to have ip connectivity to the CSC from the second context.  Connectivity for the CSC module to the internet is for the module to get updates.  So long as it can go out to the internet through the one context that is good enough. The back plane traffic is seen by the CSC to be scanned and the MPF controls what traffic is actually scanned.

So, long as the context is configured to send traffic the CSC module will scan it.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html#wp1063309

A note in here says the followig:

When the adaptive security appliance operates in multiple context mode, the configure keyword is available only in the system context.

Besides that the admin guide for the CSC module doesn't talk about multiple context and I wouldn't expect it to either.

http://www.ciscosystems.ch/en/US/docs/security/csc/csc63/release/notes/cscrn631.html

-KS

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Kureli Sankar Mon, 01/18/2010 - 07:31

You don't have to have ip connectivity to the CSC from the second context.  Connectivity for the CSC module to the internet is for the module to get updates.  So long as it can go out to the internet through the one context that is good enough. The back plane traffic is seen by the CSC to be scanned and the MPF controls what traffic is actually scanned.

So, long as the context is configured to send traffic the CSC module will scan it.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html#wp1063309

A note in here says the followig:

When the adaptive security appliance operates in multiple context mode, the configure keyword is available only in the system context.

Besides that the admin guide for the CSC module doesn't talk about multiple context and I wouldn't expect it to either.

http://www.ciscosystems.ch/en/US/docs/security/csc/csc63/release/notes/cscrn631.html

-KS

J_Vansen_S Mon, 01/18/2010 - 19:00

Thanks for your reply.

I got it to work.

As what you said. There is no need for a IP connection to the other context.

Whatever applies to CSC applies to all context.

Regards: Jocelyn

Actions

This Discussion