09-07-2010 10:14 AM - edited 02-21-2020 04:04 AM
Hi all,
I've recently installed CSM 3.3.1 with SP1 and SP2 and I've encountered quite serious (for me) problem. Has anyone met strange situations after installing service packs?
When I discover new device (i.e. router with 15.1 ios version) and make changes in ZBF policy, CSM deploys new configuration and everything seems to be fine. I must stress that only seems.
When for example I want to make only small changes to that device (by adding new username ans password) I make "preview configuration" and I see that CSM deletes part of ZBF policy - 10 of 12 zone-pair. For example for some reasons manager makes "no service-policy ...." in zone-pair. When I do another "preview configuration" (after adding another username) it deletes those empty zone-pairs. I thoung maybe naming doesn't suit it and I need to recreate all policy through CSM - nooooo. It did not help. Still it tried to delete some of policy.
Even when I created all ZBF policies from CSM Ive got situation when in one preview config it removes security-policy from zone-pair and after deployment in second preview it adds these security-policies to previous zone-pair. Its happaning in a loop.
Or another strange behaviour is when I add new username it does sth like this:
In "preview configuration" there is
policy-map type inspect CSM_ZBF_POLICY_MAP_1
no class class-default
class class-default
drop
while in GUI in CSM there is action inspect defined.
I've looked through bugtool, but with no success, so need any help.
regards
09-08-2010 05:05 AM
I've tested 3.3.1 version without any SP and I haven't seen described issues.
Can anyone who had the chance to work with CSM confirm it? Right now there is only one conclusion for me - to open the TAC case, but as a last resort
regards
11-10-2010 03:55 PM
Hello
did you sort this out already?
If not can you send me the configuration so I can try in my lab? At first glance it looks like a bug, so you might want to open a TAC case so we can log one
Stefano
11-11-2010 03:22 AM
hi,
thx for interest,
I didn't open the TAC case casue I didn't have much time for it, however the issue is resolved. It occured that SP2 to CSM was problematic. Right now I've got 3.3.1 version with SP1 and everything works just fine. To make sure that it was it, I installed then SP2 and the problem started again.
I don't have configuration saved but actually there wasn't much of it. It was a fresh system and only 1 or 2 devices ware added so I suppose it should be easy to restore the situation.
if you got any new info please let me know
regards
Przemek
11-15-2010 07:57 AM
sure
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: