
ACLs not being created by CSPM for PIX

rsmith
Level 1

I have upgraded to CSPM 2.3.2f (actually a fresh install), rebuilt my topology, set up my static mapping, NAT, globals, etc. I then recreated my policies for access to the mail and DNS servers - exactly the same as they were in CSPM 2.2. Unfortunately the new version of the CSPM for the PIX (f train) is not picking those up and creating the appropriate ACLs/conduits to access those services. Is there something I'm forgetting? Thanks.

2 Replies

brford
Cisco Employee

rsmith,

The PIX has DNS Guard which is always on and can't be turned off. That may have obviated your DNS rule.

PIX has MailGuard which I think is on by default and may have obviated your mail server rule. Check the "fixup smtp ..." command in the configurations.

Liberty for All,

Brian

Brian Ford | brford@cisco.com | brford@yahoo.com | 51 75 61 6c 69 74 79 20 6d 65 61 6e 73 20 64 6f 69 6e 67 20 69 74 20 72 69 67 68 74 20 77 68 65 6e 20 6e 6f 20 6f 6e 65 20 69 73 20 6c 6f 6f 6b 69 6e 67 2e | Email me when you figure this out.

Brian:

I checked the command configurations that the CSPM will send to the PIX...there are no fixup statements in the config for DNS or SMTP.
