Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ACLs not being created by CSPM for PIX

I have upgraded to CSPM 2.3.2f (actually a fresh install), rebuilt my topology, setup my static mapping, NAT, globals, etc. I then recreated my policies for access to the mail and dns servers - exactly the same as they were in CSPM 2.2. Unfortunately the new version of the CSPM for the PIX (f train) is not picking those up and creating the appropriate ACLs/conduits to access those services. Is there something I'm forgetting? Thanks.

2 REPLIES
Cisco Employee

Re: ACLs not being created by CSPM for PIX

rsmith,

The PIX has DNS Guard which is always on and can't be turned off. That may have obviated your DNS rule.

PIX has MailGuard which I think is on by default and may obviated your mail server rule. Check the "fixup smtp ..." command in the configurations.

Liberty for All,

Brian

New Member

Re: ACLs not being created by CSPM for PIX

Brian:

I checked the command configurations that the CSPM will send to the PIX...there are no fixup statements in the config for DNS or SMTP.

112
Views
0
Helpful
2
Replies
CreatePlease to create content