Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
738
Views
0
Helpful
2
Replies

CSC SSM Multiple Context

Go to solution
J_Vansen_S
Level 3
Level 3

‎01-17-2010 09:52 PM - edited ‎03-11-2019 09:58 AM

Hi,

I would like to know if the CSC SSM is supported on the Multiple Context mode on the ASA?

How is this achievable?

On my setup i have 2 different context, apparently 1 of my context are able to access to the CSC SSM.

Reason being, context 1 and the CSC SSM management ip are reachable.

On the other hand, context 2 and CSC SSM has no ip connection at all..

Is there any documents on Cisco that i could readup on?


Please advise.

Jocelyn

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎01-18-2010 07:31 AM

You don't have to have ip connectivity to the CSC from the second context.  Connectivity for the CSC module to the internet is for the module to get updates.  So long as it can go out to the internet through the one context that is good enough. The back plane traffic is seen by the CSC to be scanned and the MPF controls what traffic is actually scanned.

So, long as the context is configured to send traffic the CSC module will scan it.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html#wp1063309

A note in here says the followig:

When the adaptive security appliance operates in multiple context mode, the configure keyword is available only in the system context.

Besides that the admin guide for the CSC module doesn't talk about multiple context and I wouldn't expect it to either.

http://www.ciscosystems.ch/en/US/docs/security/csc/csc63/release/notes/cscrn631.html

-KS

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Kureli Sankar
Cisco Employee
Cisco Employee

‎01-18-2010 07:31 AM

You don't have to have ip connectivity to the CSC from the second context.  Connectivity for the CSC module to the internet is for the module to get updates.  So long as it can go out to the internet through the one context that is good enough. The back plane traffic is seen by the CSC to be scanned and the MPF controls what traffic is actually scanned.

So, long as the context is configured to send traffic the CSC module will scan it.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html#wp1063309

A note in here says the followig:

When the adaptive security appliance operates in multiple context mode, the configure keyword is available only in the system context.

Besides that the admin guide for the CSC module doesn't talk about multiple context and I wouldn't expect it to either.

http://www.ciscosystems.ch/en/US/docs/security/csc/csc63/release/notes/cscrn631.html

-KS

0 Helpful

Go to solution
J_Vansen_S
Level 3
Level 3
In response to Kureli Sankar

‎01-18-2010 07:00 PM

Thanks for your reply.

I got it to work.

As what you said. There is no need for a IP connection to the other context.

Whatever applies to CSC applies to all context.

Regards: Jocelyn

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card