Cisco security manager deployment issue with invalid command
Running CSM 3.3.1, to manage an 800 series pre-configured router.
The router has a number of policy ACL's and class-maps configured. When the config is imported to CSM a number of warnings are seen reporting that some of the interfaces are unprotected by ACL's, which is correct, no serious errors are reported and the device is succesfully imported.
But, when I look at the configuration within CSM non of the ACL's or the class maps are shown.
Also, when I configure some feature on the router, during the deployment phase I get an error indicating that there is an invalid protocol under one of the class maps associated with an interface. The protocol in question is bittorrent. This error prevents depolyment of my changes. In fact this causes my client to hang, eventually if I close the application windoes reports that the issue is caused by javaw.exe faiing to respond.
If I take out the bittorrent protocol under the class map then all seems well.
So, I though flexconfigs would resolve this, enabling me to import the config with the unsupported command. I created a flexconfig with the class map and the invalid protocol. When I re-imported the device there is still a lot of configuration features that are on the router but are missing in CSM.
I'm not sure how to resolve this, the router was not configured through CSM in the first place.
Re: Cisco security manager deployment issue with invalid command
Update to this, the CSM is also altering firewall configurations, if I import a configuration from an ASA running 8.0.4 code, then compare that configuration to that running on the same ASA there are quite a few differencies. Some of these are not items that CSM reports as requiring Flexconfig support, which concerns me.
This is not the first time I've seen this occur, customer is concerned about the reliability of the way this system handles configurations, and I cannot explain why it exhibits this process.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...