CSPM 3.0 issues

Jun 22nd, 2002

Hi,


Currently, I have my existing PIX Firewall and IOS routers in my network. I already have firewall rules and access lists on the PIX and routers respectively.


My company has bought CSPM 3.0 to manage these devices. While trying to add the rules in the Policy Manager using my PIX firewall rules, I discover that the same rules also appear as access lists on my routers... Can I add these rules to just my PIX firewall only?


My worry is that if I continue to add my IOS router access lists (different from the PIX firewall rules), all these commands will appear on both my PIX and routers... This is not what I want.


Please help.

David White (Cisco Employee) Sun, 06/23/2002 - 09:59

You create all your "policies" in CSPM, meaning you want network A to be able to talk to network B on port 80. Then CSPM will calculate all the paths between A and B and apply the corresponding access lists to the devices along the path.


Therefore, only the devices that need the access-list entries will have them applied.


Hope that helps,


David.

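The path calculation described in the reply above, as an added toy model (not CSPM's code or its real algorithm): one policy "netA may reach netB on tcp/80" is compiled into ACL entries only for the devices that lie on some path between the two networks, rendered in IOS wildcard-mask or PIX subnet-mask form depending on the device kind. Devices inserted as plain, unmanaged routers are used for path finding but never configured, and a managed device that is on no A-to-B path receives nothing. The topology, device names and ACL names (101, cspm_in) are constructed placeholders.

```python
"""Toy model of path-based policy compilation.

Added illustration, not CSPM code: a policy is turned into access-list
entries only on devices that sit on a path between its two networks.
Topology, device names and ACL names are constructed placeholders.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    src: str        # name of the source network
    dst: str        # name of the destination network
    proto: str      # "tcp" / "udp"
    port: int
    action: str = "permit"


# Constructed sample topology (assumption, not from the thread).
#   netA -- r1 -- pix1 -- r2 -- netB
#                  |  \-- r4 -- netB      (r4 inserted as a plain, unmanaged router)
#                  \---- r3 -- netC       (r3 is managed but on no A<->B path)
NETWORKS = {"netA": "10.1.0.0/16", "netB": "10.2.0.0/16", "netC": "10.3.0.0/16"}
DEVICES = {"r1": "ios", "pix1": "pix", "r2": "ios", "r3": "ios", "r4": "router"}
LINKS = [("netA", "r1"), ("r1", "pix1"), ("pix1", "r2"), ("r2", "netB"),
         ("pix1", "r4"), ("r4", "netB"), ("pix1", "r3"), ("r3", "netC")]


def adjacency(links):
    """Undirected adjacency map built from the link list."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def all_simple_paths(adj, start, goal, networks):
    """Every loop-free path from start to goal that does not transit a third network."""
    found = []

    def walk(node, path):
        if node == goal:
            found.append(list(path))
            return
        for nxt in sorted(adj.get(node, ())):
            if nxt in path or (nxt in networks and nxt != goal):
                continue
            path.append(nxt)
            walk(nxt, path)
            path.pop()

    walk(start, [start])
    return found


def acl_entry(kind, pol, networks):
    """Render one ACL line in the device's dialect; None for unmanaged devices."""
    src = ipaddress.ip_network(networks[pol.src])
    dst = ipaddress.ip_network(networks[pol.dst])
    if kind == "ios":       # IOS extended ACLs take wildcard (inverse) masks
        return (f"access-list 101 {pol.action} {pol.proto} "
                f"{src.network_address} {src.hostmask} "
                f"{dst.network_address} {dst.hostmask} eq {pol.port}")
    if kind == "pix":       # PIX access-lists take ordinary subnet masks
        return (f"access-list cspm_in {pol.action} {pol.proto} "
                f"{src.network_address} {src.netmask} "
                f"{dst.network_address} {dst.netmask} eq {pol.port}")
    return None             # "router": used for path finding, never configured


def compile_policy(pol, networks=NETWORKS, devices=DEVICES, links=LINKS):
    """Map device name -> ACL lines, for devices on some src->dst path only."""
    adj = adjacency(links)
    on_path = set()
    for path in all_simple_paths(adj, pol.src, pol.dst, networks):
        on_path.update(path[1:-1])          # drop the two network endpoints
    result = {}
    for dev in sorted(on_path):
        line = acl_entry(devices[dev], pol, networks)
        if line is not None:
            result.setdefault(dev, []).append(line)
    return result


if __name__ == "__main__":
    for dev, lines in compile_policy(Policy("netA", "netB", "tcp", 80)).items():
        print(dev)
        for line in lines:
            print("  " + line)
```

Running it gives entries for r1, pix1 and r2 only: r4 is on a path but unmanaged, and r3 is managed but not on any path, which is the distinction the reply is making.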
wongks Sun, 06/23/2002 - 19:50

Correct me if I am wrong... Then in this case all my managed devices with network A and network B will have the access list applied. This will definitely slow down my network...


Is there a new release whereby we can choose the managed devices to distribute the rules to?



rgraether Sun, 06/23/2002 - 22:08

You don't need to mark your devices as managed!

If you insert your routers as routers and not as IOS routers, CSPM won't build access lists for them.


The other possibility is to use the Epilog window.

You can apply the commands

no ip inspect


and then for each interface

no ip access-group in



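The Epilog workaround in the reply above, as an added example (not from the thread and not CSPM's own tooling): given an IOS running config that CSPM has pushed, the script emits the global "no ip inspect" and, for each interface with an inbound access-group, the matching "no ip access-group <acl> in", naming the ACL explicitly. ACL names listed in keep are left bound, so hand-maintained router ACLs are not stripped along with the generated ones. The sample config is constructed.

```python
"""Epilog generator for the workaround in the reply above.

Added illustration, not from the thread or from CSPM: produces the Epilog
commands the reply suggests from an IOS config, naming each ACL explicitly
and leaving any ACL listed in `keep` bound.  The sample config is constructed.
"""
import re

INTERFACE_RE = re.compile(r"^interface (\S+)")
ACCESS_GROUP_RE = re.compile(r"^\s+ip access-group (\S+) (in|out)\b")
INSPECT_RE = re.compile(r"^ip inspect\b")

# Constructed sample of what a CSPM-generated IOS config might contain.
SAMPLE_CONFIG = """\
!
ip inspect name CSPM_FW tcp
ip inspect name CSPM_FW udp
!
interface FastEthernet0/0
 ip address 10.1.0.1 255.255.0.0
 ip access-group 101 in
 ip inspect CSPM_FW in
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip access-group 102 in
 ip access-group 103 out
!
interface Loopback0
 ip address 10.255.255.1 255.255.255.255
!
"""


def inbound_access_groups(config_text):
    """Return [(interface, acl), ...] for every inbound ip access-group binding."""
    bindings = []
    current = None
    for line in config_text.splitlines():
        if not line.startswith(" "):            # top-level line: enters or leaves a block
            m = INTERFACE_RE.match(line)
            current = m.group(1) if m else None
            continue
        m = ACCESS_GROUP_RE.match(line)
        if current and m and m.group(2) == "in":
            bindings.append((current, m.group(1)))
    return bindings


def build_epilog(config_text, keep=frozenset()):
    """Commands to paste into the Epilog window; `keep` names ACLs to leave bound."""
    epilog = []
    if any(INSPECT_RE.match(line) for line in config_text.splitlines()):
        epilog.append("no ip inspect")          # global form, as in the reply
    for iface, acl in inbound_access_groups(config_text):
        if acl in keep:
            continue
        epilog.append(f"interface {iface}")
        epilog.append(f" no ip access-group {acl} in")
    return epilog


if __name__ == "__main__":
    print("\n".join(build_epilog(SAMPLE_CONFIG, keep={"102"})))
```

Removing the inbound binding leaves that interface unfiltered until your own access-group line is reapplied, so either list the ACLs you maintain by hand in keep or append your own "ip access-group ... in" commands to the same Epilog. Outbound bindings are left alone because the reply only mentions the inbound ones.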