CSM 3.3.1 - deployment bug? after installing SP1&SP2
I've recently installed CSM 3.3.1 with SP1 and SP2 and I've encountered quite serious (for me) problem. Has anyone met strange situations after installing service packs?
When I discover new device (i.e. router with 15.1 ios version) and make changes in ZBF policy, CSM deploys new configuration and everything seems to be fine. I must stress that only seems.
When for example I want to make only small changes to that device (by adding new username ans password) I make "preview configuration" and I see that CSM deletes part of ZBF policy - 10 of 12 zone-pair. For example for some reasons manager makes "no service-policy ...." in zone-pair. When I do another "preview configuration" (after adding another username) it deletes those empty zone-pairs. I thoung maybe naming doesn't suit it and I need to recreate all policy through CSM - nooooo. It did not help. Still it tried to delete some of policy.
Even when I created all ZBF policies from CSM Ive got situation when in one preview config it removes security-policy from zone-pair and after deployment in second preview it adds these security-policies to previous zone-pair. Its happaning in a loop.
Or another strange behaviour is when I add new username it does sth like this:
In "preview configuration" there is
policy-map type inspect CSM_ZBF_POLICY_MAP_1 no class class-default class class-default
while in GUI in CSM there is action inspect defined.
I've looked through bugtool, but with no success, so need any help.
I didn't open the TAC case casue I didn't have much time for it, however the issue is resolved. It occured that SP2 to CSM was problematic. Right now I've got 3.3.1 version with SP1 and everything works just fine. To make sure that it was it, I installed then SP2 and the problem started again.
I don't have configuration saved but actually there wasn't much of it. It was a fresh system and only 1 or 2 devices ware added so I suppose it should be easy to restore the situation.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...