Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1072
Views
0
Helpful
9
Replies

CSPC ACL Updates

BenStansfield
Level 1
Level 1

‎04-25-2019 06:18 AM

Hello All

 

Please, can someone provide me with the latest list of ACL's that need to be configured on the Firewall to allow full functionality of the CSPC appliance? We were recently provided with the below list as Cisco documentation and Cisco TAC. 

 

However we are now also required to add nettools-upload.cisco.com? there is no mention of these updated ACL's on any Cisco documentation which is alarming. 

 

Host Name

IP Address

Port

Function

concsowebprd.cisco.com

72.163.7.113

443

Data upload from the collector to Cisco

concsoweb2-prd.cisco.com

72.163.7.125

443

Web socket tunnel access from Cisco secure GUI

dl.cisco.com

72.163.7.60

80 & 443

Utilised to perform upgrades and patches on the host, this can be configured automatically for minimising downtime.

dl1.cisco.com

72.163.7.60

80 & 443

dl2.cisco.com

173.37.146.12

80 & 443

sso.cisco.com

173.37.144.208

443

cloudsso.cisco.com

72.163.4.74

443

0 Helpful
9 Replies 9

jofrumki
Cisco Employee
Cisco Employee

‎04-25-2019 06:59 AM

nettools-upload.cisco.com is not required for CSPC to SNTC connectivity. The list provided should be sufficient. Can you help us understand why you believe nettools-upload.cisco.com to be a requirement?

0 Helpful

BenStansfield
Level 1
Level 1
In response to jofrumki

‎04-25-2019 07:02 AM

Hi Jofumki

Please see error below.

Capture3.png

Kind regards

0 Helpful

jofrumki
Cisco Employee
Cisco Employee
In response to BenStansfield

‎04-25-2019 07:38 AM

Thank you for the update, can you please confirm the current version running on your CSPC is 2.8.1.2 and if not, upgrade to this release level.

Once completed please attempt the upload again and update us with any changes.

Regards

0 Helpful

BenStansfield
Level 1
Level 1
In response to jofrumki

‎04-25-2019 07:45 AM

Hi

The Collector is a fresh installation of 2.8.1.2. the upload was previously working 

Kind regards

0 Helpful

jofrumki
Cisco Employee
Cisco Employee
In response to BenStansfield

‎04-25-2019 08:58 AM

Thank you for the update, can you confirm if there is a proxy configured on the CSPC?

If no proxy exists in the network and none is configured on the CSPC, please login to the CLI as collectorlogin the su to root. From root execute the command service concsotgw restart and attempt a new upload.

0 Helpful

BenStansfield
Level 1
Level 1
In response to jofrumki

‎04-26-2019 01:22 AM

Hi Jofrumki
The customer has a proxy configured on their network, the details are not configured on the CSPC appliance. We have more than 10 collectors with Proxy servers locally that don't have the config that works so not sure that this is the issue.
Kind regards
0 Helpful

jofrumki
Cisco Employee
Cisco Employee
In response to BenStansfield

‎04-26-2019 06:57 AM

Has the customer executed the command I recommended and attempted a new upload?

If the upload still fails then please send the output from cat /opt/ConcsoTgw/tail-end-gateway-decoupled/conf/csof_config.xml

Thank you

0 Helpful

BenStansfield
Level 1
Level 1
In response to jofrumki

‎04-29-2019 04:17 AM

Hi Jofrumki

Customer added nettools ACL and the upload worked.

Kind regards 

0 Helpful

jofrumki
Cisco Employee
Cisco Employee
In response to BenStansfield

‎04-29-2019 06:52 AM

Hello,

Thank you for the update, however we did notice that this CSPC is registered to a PSS customer and as a Partner Support Service partner you are entitled to open TAC cases with Cisco rather than using the SNTC community. Additionally, would it be possible to provide the output I requested previously? This behavior is unusual and we would like to document everything if possible.

Thank you

0 Helpful
Customers Also Viewed These Support Documents