Cisco Support Community
New Member

How to bypass CSC scanning in ASA

I have figured it out, thanks.

2 REPLIES
New Member

Re: How to bypass CSC scanning in ASA

Please post your solution. It could help someone else.

Thanks.

New Member

Re: How to bypass CSC scanning in ASA

access-list cscTraffic extended deny ip host 192.168.10.254 any
access-list cscTraffic extended deny ip host 192.168.1.199 any
access-list cscTraffic extended permit tcp any any eq www
access-list cscTraffic extended permit tcp any any eq pop3
access-list cscTraffic extended permit tcp any any eq smtp
access-list cscTraffic extended permit tcp any any eq ftp
class-map global-class
 match default-inspection-traffic
class-map csc-class
 match access-list cscTraffic
!
!
policy-map global-policy
 class global-class
  inspect pptp
  inspect ftp
 class csc-class
  csc fail-open
!
service-policy global-policy global

Originally, I had this line

access-list cscTraffic extended deny ip host 192.168.1.199 any

at the end of my access-list; that's why it wasn't working, since ACLs in Cisco go by order. I put it back on the top and it's fine.

Hope it helps.
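
Added example, not part of the original thread: a small Python model of first-match evaluation over the cscTraffic ACL, useful for checking that every host meant to bypass CSC really is excluded from csc-class. The function names are hypothetical, the parser covers only the ACE forms shown above, and the "original" ordering is reconstructed from the poster's description (the position of the 192.168.10.254 line in it is an assumption).

```python
import ipaddress

# TCP services named in the thread's ACL.
PORTS = {"www": 80, "pop3": 110, "smtp": 25, "ftp": 21}

def parse_ace(line):
    """Parse the ACE forms used in the thread: source 'host X' or 'any', destination 'any'."""
    t = line.split()
    if len(t) < 7 or t[0] != "access-list" or t[2] != "extended":
        raise ValueError(f"unsupported ACE: {line!r}")
    action, proto, rest = t[3], t[4], t[5:]
    src = None                                  # None means 'any'
    if rest[0] == "host":
        src, rest = ipaddress.ip_address(rest[1]), rest[2:]
    else:
        rest = rest[1:]
    rest = rest[1:]                             # skip destination 'any'
    port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
    return action, proto, src, port

def sent_to_csc(acl, src, proto, dport):
    """First matching ACE wins; permit = matched by csc-class, deny or no match = bypassed."""
    src = ipaddress.ip_address(src)
    for action, ace_proto, ace_src, ace_port in map(parse_ace, acl):
        if (ace_proto in ("ip", proto) and ace_src in (None, src)
                and ace_port in (None, dport)):
            return action == "permit"
    return False                                # implicit deny at the end of every ACL

def leaks(acl, bypass_hosts):
    """(host, port) pairs for intended-bypass hosts that would still be scanned."""
    return [(h, p) for h in bypass_hosts for p in sorted(PORTS.values())
            if sent_to_csc(acl, h, "tcp", p)]

PERMITS = [f"access-list cscTraffic extended permit tcp any any eq {s}"
           for s in ("www", "pop3", "smtp", "ftp")]
DENY_254 = "access-list cscTraffic extended deny ip host 192.168.10.254 any"
DENY_199 = "access-list cscTraffic extended deny ip host 192.168.1.199 any"
ORIGINAL = [DENY_254] + PERMITS + [DENY_199]    # .199 deny last (assumed layout)
FIXED = [DENY_254, DENY_199] + PERMITS          # order posted in the thread
BYPASS = ["192.168.10.254", "192.168.1.199"]

if __name__ == "__main__":
    print("original order leaks:", leaks(ORIGINAL, BYPASS))
    print("fixed order leaks:   ", leaks(FIXED, BYPASS))
```

With the deny entry last, the broader permit lines match 192.168.1.199 first, so its web, mail and FTP traffic is still diverted to the CSC module; with the deny entries first, nothing from either host matches csc-class.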
