Showing results for 
Search instead for 
Did you mean: 

Cisco security manager deployment issue with invalid command

Running CSM 3.3.1, to manage an 800 series pre-configured router.

The router has a number of policy ACL's and class-maps configured. When the config is imported to CSM a number of warnings are seen reporting that some of the interfaces are unprotected by ACL's, which is correct, no serious errors are reported and the device is succesfully imported.

But, when I look at the configuration within CSM non of the ACL's or the class maps are shown.

Also, when I configure some feature on the router, during the deployment phase I get an error indicating that there is an invalid protocol under one of the class maps associated with an interface. The protocol in question is bittorrent. This error prevents depolyment of my changes. In fact this causes my client to hang, eventually if I close the application windoes reports that the issue is caused by javaw.exe faiing to respond.

If I take out the bittorrent protocol under the class map then all seems well.

So, I though flexconfigs would resolve this, enabling me to import the config with the unsupported command. I created a flexconfig with the class map and the invalid protocol. When I re-imported the device there is still a lot of configuration features that are on the router but are missing in CSM.

I'm not sure how to resolve this, the router was not configured through CSM in the first place.


Update to this, the CSM is also altering firewall configurations, if I import a configuration from an ASA running 8.0.4 code, then compare that configuration to that running on the same ASA there are quite a few differencies. Some of these are not items that CSM reports as requiring Flexconfig support, which concerns me.

This is not the first time I've seen this occur, customer is concerned about the reliability of the way this system handles configurations, and I cannot explain why it exhibits this process.

Anyone else seen this, and found a work around?