cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1411
Views
0
Helpful
3
Replies

[Cisco Security Manager][4.6] Is it possible to modify the proposed configuration ?

stephane.walker
Level 1
Level 1

Hello,

I currently manage an ASA firewall which was already configured before the integration to CSM. When I try to deploy some changes made with CSM client software, CSM proposes a configuration that removes some useful access-list. Why do CSM wants to remove these access-list even if they are useful for my infrastructure ? Is it possible to modify the proposed configuration before the deployement ?

 

Thank you,

Stephane

3 Replies 3

nsadhasi
Level 1
Level 1

Hi Stephane,

 

There is a option in Tools-->Security manager administration-->Deployment.Here under ACL Parameters there is an option "remove unreferenced  access-list on device" check box. Uncheck this ,after that you will retain the configuration.

By default any unreferenced ACL's is device will be removed by CSM.

 

Thanks,

Sadha

Hi Sadha,

Thank you for your answer. It helps me to solve my problem with the access-list but now I encounter the same problem with an used AAA-server line which is deleted by CSM. Why does CSM try to delete it and is there a way to avoid it ?

Thank you,

Stephane

Hi Stephane,

 

AAA server /server group is objcet in CSM.When this object is unreferenced in AAApolicy any rule it will remove based on the settings.

 

Go to Tools--->Security manager administration-->Deployment,under ACL parameters there is option object group paramters, uncheck the option,remove unrefereced objcet group in device.

 

This should solve the issue.

 

In case the problem is not solved,upload the screen shot of preview configuration.

 

Thanks,

Sadha

Review Cisco Networking for a $25 gift card