We've started to deploy CSM 3.01 on our network (currently we have about 20 ASA's and this list is going to have about a 100 devices). The point is that we haven't used CSM's Policy View tab to develop our security policy - we've deployed our policy on each device through ASDM (or CLI). So now we have independent policy on each device (they are very similar but they are local to each device). CSM has an policy inheritance mechanism but the question is - how can we deploy one shared policy thorugh policy tab and retain local individual rules that were added later?
The problem is that CSM offers to deploy policy and then to add local rules but how can we make it reverse - i mean automatically add global policy to local rules and to delete rules that match in both policies?
I think that is rather "unclear" explanation of problem, but i'll try to answer any additional questions.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...