Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
715
Views
0
Helpful
2
Replies

How to bypass CSC scanning in ASA

kpoon
Level 1
Level 1

‎07-20-2007 10:42 AM - edited ‎03-11-2019 03:47 AM

I have figured it out, thanks.

Labels:
0 Helpful
2 Replies 2

froggy3132000
Level 3
Level 3

‎07-20-2007 12:22 PM

Please post your solution. It could help someone else.

Thanks.

0 Helpful

kpoon
Level 1
Level 1
In response to froggy3132000

‎07-21-2007 02:11 AM

access-list cscTraffic extended deny ip host 192.168.10.254 any

access-list cscTraffic extended deny ip host 192.168.1.199 any

access-list cscTraffic extended permit tcp any any eq www

access-list cscTraffic extended permit tcp any any eq pop3

access-list cscTraffic extended permit tcp any any eq smtp

access-list cscTraffic extended permit tcp any any eq ftp

class-map global-class

match default-inspection-traffic

class-map csc-class

match access-list cscTraffic

!

!

policy-map global-policy

class global-class

inspect pptp

inspect ftp

class csc-class

csc fail-open

!

service-policy global-policy global

originally, I had this line

access-list cscTraffic extended deny ip host 192.168.1.199 any

at the end of my access-list, that's why it wasn't working since ACL in cisco goes by order. I put it back on the top and it's fine.

Hope it helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card