cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
716
Views
0
Helpful
2
Replies

How to bypass CSC scanning in ASA

kpoon
Level 1
Level 1

I have figured it out, thanks.

2 Replies 2

froggy3132000
Level 3
Level 3

Please post your solution. It could help someone else.

Thanks.

access-list cscTraffic extended deny ip host 192.168.10.254 any

access-list cscTraffic extended deny ip host 192.168.1.199 any

access-list cscTraffic extended permit tcp any any eq www

access-list cscTraffic extended permit tcp any any eq pop3

access-list cscTraffic extended permit tcp any any eq smtp

access-list cscTraffic extended permit tcp any any eq ftp

class-map global-class

match default-inspection-traffic

class-map csc-class

match access-list cscTraffic

!

!

policy-map global-policy

class global-class

inspect pptp

inspect ftp

class csc-class

csc fail-open

!

service-policy global-policy global

originally, I had this line

access-list cscTraffic extended deny ip host 192.168.1.199 any

at the end of my access-list, that's why it wasn't working since ACL in cisco goes by order. I put it back on the top and it's fine.

Hope it helps.

Review Cisco Networking for a $25 gift card