Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Required full internet access

Dear All,

Please share with me which command need to configure in Cisco ASA 5510 for full internet access.Actually customer has cisco ASA 5510 with CSC-SSM module but he want to give full internet access of Mgmt level users.

For your reference please find the running configuration file.

Regards,

Pushpendra

5 REPLIES
Cisco Employee

Re: Required full internet access

the way it is setup i cannot see how firewall is blocking any request from the internal users, everything seems to be open for inside users

are you concerned about any particular traffic, is anything affected right now

New Member

Re: Required full internet access

Actually all of traffic goes outside through CSS-SSM module.Which is filtering website which site is required to open for user which is not,But Some mgmt user want to full internet access. so please suggest me procedure of open all site perticular IP.

Cisco Employee

Re: Required full internet access

so what exactly is the requirement here

do you want to stop processing traffic through the module or do you want to allow everything for traffic through the module

if you want to allow everything then do not send the traffic throiugh the module


use the following command this will stop sending traffic through the CSC SSM module

policy-map global_policy

no class global-class

New Member

Re: Required full internet access

Sir i want to particular some IP who will access full internet means everything which is he want to open site and rest of users will be go through CSC-SSM.have any option in ASA that mgmt user will not go through CSC-SSM but rest of user will be go the CSC-SSM.

Cisco Employee

Re: Required full internet access

then make 2 networks

you can give one network as managment network and the other for rest of the users

eg: 10.1.0.0 /24 management
      10.1.1.0 / 24 rest of the users

and pass only 10.1.1.0 network through the csc ssm

you are using this acl to identify traffic for csc ssm

access-list global_mpc extended permit ip any any

removce ip any any and add 10.1.1.0 255.255.255.0 any

293
Views
0
Helpful
5
Replies