Showing results for 
Search instead for 
Did you mean: 

Cisco Security Manager removes the access-lists that are not in use on PIX/ASA


What is CSM?

CSM is an enterprise class device management solution for managing Cisco security devices like ASA, IPS, IOS devices and VPN gateways. CSM is full of features designed to make life easier for administrators that work with lots of Cisco security devices and want a central management and troubleshooting solution. CSM offers policy-based management so you can create configuration policies once and then share them between multiple devices. For example you can setup a global AAA policy or access policy and then add in all your routers and ASA's so they inherit from that policy. Now when you need to make a change you just change the global policy and all the attached devices get updated. CSM also has configuration archiving and rollback, workflow, RBAC, and ACL optimization features. All of this is wrapped up in a slick GUI interface that can make previously tedious tasks go away.

Core issue

In this issue, the Cisco Security Manager (CSM) removes the access-list and object groups if they are not in use on the PIX/ASA.


In order to keep the access-list that is not in use on the device, choose Tools > Security Manager Administration > deployment. Uncheck the remove unreference access-lists on device check box . This option is enabled by default.

Refer to the Policy Discovery section of FAQs and Troubleshooting Guide for Cisco Security Manager for more information.

Content for Community-Ad