01-17-2010 09:52 PM - edited 03-11-2019 09:58 AM
Hi,
I would like to know if the CSC SSM is supported on the Multiple Context mode on the ASA?
How is this achievable?
On my setup i have 2 different context, apparently 1 of my context are able to access to the CSC SSM.
Reason being, context 1 and the CSC SSM management ip are reachable.
On the other hand, context 2 and CSC SSM has no ip connection at all..
Is there any documents on Cisco that i could readup on?
Please advise.
Jocelyn
Solved! Go to Solution.
01-18-2010 07:31 AM
You don't have to have ip connectivity to the CSC from the second context. Connectivity for the CSC module to the internet is for the module to get updates. So long as it can go out to the internet through the one context that is good enough. The back plane traffic is seen by the CSC to be scanned and the MPF controls what traffic is actually scanned.
So, long as the context is configured to send traffic the CSC module will scan it.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html#wp1063309
A note in here says the followig:
When the adaptive security appliance operates in multiple context mode, the configure keyword is available only in the system context.
Besides that the admin guide for the CSC module doesn't talk about multiple context and I wouldn't expect it to either.
http://www.ciscosystems.ch/en/US/docs/security/csc/csc63/release/notes/cscrn631.html
-KS
01-18-2010 07:31 AM
You don't have to have ip connectivity to the CSC from the second context. Connectivity for the CSC module to the internet is for the module to get updates. So long as it can go out to the internet through the one context that is good enough. The back plane traffic is seen by the CSC to be scanned and the MPF controls what traffic is actually scanned.
So, long as the context is configured to send traffic the CSC module will scan it.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html#wp1063309
A note in here says the followig:
When the adaptive security appliance operates in multiple context mode, the configure keyword is available only in the system context.
Besides that the admin guide for the CSC module doesn't talk about multiple context and I wouldn't expect it to either.
http://www.ciscosystems.ch/en/US/docs/security/csc/csc63/release/notes/cscrn631.html
-KS
01-18-2010 07:00 PM
Thanks for your reply.
I got it to work.
As what you said. There is no need for a IP connection to the other context.
Whatever applies to CSC applies to all context.
Regards: Jocelyn
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide