Cisco Support Community
New Member

Release Notes for CSPM 2.3.3.i and Caveat CSCdr78318

Can someone please elaborate on this bug? I was getting ready to upgrade my CSPM 2.3.2.i box to 2.3.3.i and I read the release notes. This bug is in the release notes as:

"CSCdr78318: Sensors cannot define blocking rules for IOS routers that are managed devices. You cannot use Cisco Secure Policy Manager to manage an IOS router for which you want a sensor to generate blocking rules based on detected attacks.

Workaround/Solution: No workaround exists. Do not attempt to enable blocking by a managed IOS router within the Network Topology tree."

Does this mean that the sensor is not going to be able to generate ACLs when someone attacks or telnet to the router and block the attackers? This is how I am reading it.

3 REPLIES
New Member

Re: Release Notes for CSPM 2.3.3.i and Caveat CSCdr78318

Or does this mean that you just can't use a router as a blocking device if you are using CSPM to regularly manage that router?

Cisco Employee

Re: Release Notes for CSPM 2.3.3.i and Caveat CSCdr78318

Hello,

I read it as the latter. The IOS device cannot be managed by CSPM. It can, however, exist in the CSPM topology as an "unmanaged" device.

Cisco Employee

Re: Release Notes for CSPM 2.3.3.i and Caveat CSCdr78318

danrodi is correct,

Router management by CSPM is when CSPM is generating the configuration files for the router based on your CSPM policy.

Router management by the IDS Sensor is when the sensor generates ACLs to block specific addresses. The sensor communication with the router is configured through CSPM in the sensor configuration area.

You cannot both manage a Cisco router with CSPM and with the IDS Sensor, because they will be trying to apply ACLs to the same interfaces and overwriting each other's ACLs.

If using the sensor to manage the router ACLs, then you will have to manually configure the router instead of using CSPM.
