Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

CSC on ASA stopped working...

Hi there,

I am having an issue with CSC, it was configured for http filtering, working fine for a while but now it allows to open all websites, even company prohibited ones!

Here are my configs:

access-list csc_out_ING_NETOPS extended permit tcp 10.16.170.0 255.255.255.0 any eq ftp

access-list csc_out_ING_NETOPS extended permit tcp 10.16.170.0 255.255.255.0 any eq smtp

access-list csc_out_ING_NETOPS extended permit tcp 10.16.170.0 255.255.255.0 any eq www

access-list csc_out_ING_NETOPS extended permit tcp 10.16.170.0 255.255.255.0 any eq pop3

access-list csc_in extended permit tcp any 10.16.170.0 255.255.255.0 eq ftp

access-list csc_in extended permit tcp any 10.16.170.0 255.255.255.0 eq smtp

access-list csc_in extended permit tcp any 10.16.170.0 255.255.255.0 eq www

access-list csc_in extended permit tcp any 10.16.170.0 255.255.255.0 eq pop3

class-map csc_outbound_class_ING_NETOPS

match access-list csc_out_ING_NETOPS

class-map csc_inbound_class

match access-list csc_in

policy-map csc_out_policy_ING_NETOPS

class csc_outbound_class_ING_NETOPS

csc fail-open

policy-map csc_in_policy

class csc_inbound_class

csc fail-open

service-policy csc_out_policy_ING_NETOPS interface ING_NETOPS

service-policy csc_in_policy interface Internet

I can see hits on csc_out_ING_NETOPS access list, if i go to asdm and open Content Security page I am seeing these prohibited websites categorized correctly, the treat summary counter increases as well. However, I am able to open the website.

Has anyone had similar issue in the past?

Thanks

2 REPLIES
Anonymous
N/A

Re: CSC on ASA stopped working...

First remove and reconfigure the access list. If that doesnt work upgarde ASA

Community Member

Re: CSC on ASA stopped working...

I have a CSC that is giving me a few fits as well. I have been working with TAC as well. Thier reccomendation was to upgrade the CSC to 6.2 code. What code are you at on the CSC specifically and on the ASA?

When you enable the CSC to automatically upgrade, it seems to upgrade itself and reload the application, which at times, especially when busy, unstable. Turn that down to once a day.

I had upgraded twice in the 6.1 train and that didnt seem to do the trick. At 6.2, things appear stable.

170
Views
0
Helpful
2
Replies
CreatePlease to create content