cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

315
Views
0
Helpful
3
Replies

[Cisco Security Manager][4.6] Is it possible to modify the proposed configuration ?

Hello,

I currently manage an ASA firewall which was already configured before the integration to CSM. When I try to deploy some changes made with CSM client software, CSM proposes a configuration that removes some useful access-list. Why do CSM wants to remove these access-list even if they are useful for my infrastructure ? Is it possible to modify the proposed configuration before the deployement ?

 

Thank you,

Stephane

3 REPLIES 3
Beginner

Hi Stephane, There is a

Hi Stephane,

 

There is a option in Tools-->Security manager administration-->Deployment.Here under ACL Parameters there is an option "remove unreferenced  access-list on device" check box. Uncheck this ,after that you will retain the configuration.

By default any unreferenced ACL's is device will be removed by CSM.

 

Thanks,

Sadha

Hi Sadha,Thank you for your

Hi Sadha,

Thank you for your answer. It helps me to solve my problem with the access-list but now I encounter the same problem with an used AAA-server line which is deleted by CSM. Why does CSM try to delete it and is there a way to avoid it ?

Thank you,

Stephane

Highlighted
Beginner

Hi Stephane, AAA server

Hi Stephane,

 

AAA server /server group is objcet in CSM.When this object is unreferenced in AAApolicy any rule it will remove based on the settings.

 

Go to Tools--->Security manager administration-->Deployment,under ACL parameters there is option object group paramters, uncheck the option,remove unrefereced objcet group in device.

 

This should solve the issue.

 

In case the problem is not solved,upload the screen shot of preview configuration.

 

Thanks,

Sadha