Cisco Security Manager: Managing ACLs and Flexconfig
Was wondering if there were any CSM gurus out there that might be able to help explain something to me.
Query is for CSM 4.3.
In the Policy Object Manager under the "Access Control Lists" I have defined a number of ACLs. These are not firewall ACLs, but are used for things like defining interesting traffic for protocols such as WCCP.
As there is no policy defined for WCCP, I am having to use a Flexconfig to put WCCP config on an ASA (running 8.3).
My problem is, I can't seem to get CSM to deploy the ACLs I've defined, along with the WCCP Flexconfig, even though I have referenced (via variables) the ACLs in the Flexconfig script.
I would have thought, like any other object you define in CSM, if you make use of an object in a policy that's being deployed to a device, CSM realises that you need to deploy the object to the device and does it. A good example is host, network and group objects that are deployed to a device as part of firewall rules. If you define a firewall rule that makes use of object 'A' and put that in a rule policy, CSM realises that you need to define object 'A' on any devices that the policy containing the rule with object 'A' is being deployed to. Hence, we don't have issues with firewall rule insertion failing because they reference an object that doesn't actually exist on the device.
Does this work with Flexconfigs? If not, how can I have CSM deploy the ACLs that I've defined to a device before deploying the Flexconfig script that sets up WCCP in such a way that it's referencing the ACLs? I really want to avoid defining the ACLs I want to use in more Flexconfig script.