Cisco security manager deployment issue with invalid command
Running CSM 3.3.1, to manage an 800 series pre-configured router.
The router has a number of policy ACL's and class-maps configured. When the config is imported to CSM a number of warnings are seen reporting that some of the interfaces are unprotected by ACL's, which is correct, no serious errors are reported and the device is succesfully imported.
But, when I look at the configuration within CSM non of the ACL's or the class maps are shown.
Also, when I configure some feature on the router, during the deployment phase I get an error indicating that there is an invalid protocol under one of the class maps associated with an interface. The protocol in question is bittorrent. This error prevents depolyment of my changes. In fact this causes my client to hang, eventually if I close the application windoes reports that the issue is caused by javaw.exe faiing to respond.
If I take out the bittorrent protocol under the class map then all seems well.
So, I though flexconfigs would resolve this, enabling me to import the config with the unsupported command. I created a flexconfig with the class map and the invalid protocol. When I re-imported the device there is still a lot of configuration features that are on the router but are missing in CSM.
I'm not sure how to resolve this, the router was not configured through CSM in the first place.
Update to this, the CSM is also altering firewall configurations, if I import a configuration from an ASA running 8.0.4 code, then compare that configuration to that running on the same ASA there are quite a few differencies. Some of these are not items that CSM reports as requiring Flexconfig support, which concerns me.
This is not the first time I've seen this occur, customer is concerned about the reliability of the way this system handles configurations, and I cannot explain why it exhibits this process.
The following documents are reviewed on the Ask The Experts Session titled: Use Case Overview and Planning: Cisco DNA Center Project Planning.
Here you can find editable versions of the
Solution Requirements Document UCOP_CiscoDNACenterProjectPlann...
If so, we’d like to speak with you to understand you and your team’s process on how you monitor and troubleshoot network traffic.
We ask that you complete our brief survey: https://ciscoux.az1.qualtrics.com/jfe/form/SV_d4LYJ5oWqWj9CCy Based on your ...
Listen: https://smarturl.it/CCRS8E38 Follow us: twitter.com/CiscoChampionAdding learning capabilities to the internet will increase the overall network SLO and application experience. Real data driven experiments have shown that such an approach...
Listen: https://smarturl.it/CCRS8E37Follow us: twitter.com/ciscochampionSometimes, situations require temporary fixes. Sometimes, the network becomes an afterthought in overall office design and planning. In either situation, it may require netw...
In this special edition of the Insider Series, we hear from Cisco partners who have taken steps to be more eco-friendly and sustainable. We hear what inspires ASHRAE, Southwire, Igor, and NTT to create a workplace that is centered around people and how th...