Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CSC SSM Multiple Context

Hi,

I would like to know if the CSC SSM is supported on the Multiple Context mode on the ASA?

How is this achievable?

On my setup i have 2 different context, apparently 1 of my context are able to access to the CSC SSM.

Reason being, context 1 and the CSC SSM management ip are reachable.

On the other hand, context 2 and CSC SSM has no ip connection at all..

Is there any documents on Cisco that i could readup on?


Please advise.

Jocelyn

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: CSC SSM Multiple Context

You don't have to have ip connectivity to the CSC from the second context.  Connectivity for the CSC module to the internet is for the module to get updates.  So long as it can go out to the internet through the one context that is good enough. The back plane traffic is seen by the CSC to be scanned and the MPF controls what traffic is actually scanned.

So, long as the context is configured to send traffic the CSC module will scan it.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html#wp1063309

A note in here says the followig:

When the adaptive security appliance operates in multiple context mode, the configure keyword is available only in the system context.

Besides that the admin guide for the CSC module doesn't talk about multiple context and I wouldn't expect it to either.

http://www.ciscosystems.ch/en/US/docs/security/csc/csc63/release/notes/cscrn631.html

-KS

2 REPLIES
Cisco Employee

Re: CSC SSM Multiple Context

You don't have to have ip connectivity to the CSC from the second context.  Connectivity for the CSC module to the internet is for the module to get updates.  So long as it can go out to the internet through the one context that is good enough. The back plane traffic is seen by the CSC to be scanned and the MPF controls what traffic is actually scanned.

So, long as the context is configured to send traffic the CSC module will scan it.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ssm.html#wp1063309

A note in here says the followig:

When the adaptive security appliance operates in multiple context mode, the configure keyword is available only in the system context.

Besides that the admin guide for the CSC module doesn't talk about multiple context and I wouldn't expect it to either.

http://www.ciscosystems.ch/en/US/docs/security/csc/csc63/release/notes/cscrn631.html

-KS

New Member

Re: CSC SSM Multiple Context

Thanks for your reply.

I got it to work.

As what you said. There is no need for a IP connection to the other context.

Whatever applies to CSC applies to all context.

Regards: Jocelyn

538
Views
0
Helpful
2
Replies
CreatePlease login to create content