InterScan for CSC SSM Notification
I have received this message from my ASA5500 with SSM module:Compact Flash storage is nearly out of space
After that I have received other one with the message: Scan services have recovered from a previous failure. The SSM system is now back to normal.
I think the SSM module hasa Flash with a 1GB, someone knows it is normal or something is wrong??
We opened a TAC case for this. And we received the following response...The error your getting is a known cosmetic error. It will not affect anything. There is currently no work around at the moment. This is normal, there is a built in mechanism that automatically cleans up the flash."
Similar Messages
-
License violation has been detected on the InterScan for CSC SSM
We are receiving this everyday at 1 AM, but there is no traffic on the network at this time. What can I do on the ASA or CSC to find out where and what this traffic is?
There are currently 559 active nodes while you only have 500 seats of license. 59 more seats of license is required.This issue has confused us for a while too… Here’s the deal:
Even after the license violation the traffic for all the users will be scanned by the module. Despite the error message that you are seeing, the CSC will not drop connections due strictly to license violations. It is only a warning at this point.
With a high number of nodes, it is likely that you will overwhelm the CSC processing capacity. If the users are overly aggressive in their connections, they can easily max out the capacity.
Here's a high level link:
http://www.cisco.com/en/US/customer/products/ps6120/products_white_paper0900aecd805c3cd6.shtml
Can you increase the license? It only goes up to 1,000.
How can you tell what the count is? Use the following command from the ASA CLI:
show csc node-count yesterday
Here's the link:
http://www.cisco.com/en/US/docs/security/asa/asa72/command/reference/s2_72.html#wp1186101
Hope this helps! -
Filtering sub-categories on Interscan for CSC SSM
Does anyone no how to identify what URL's are classified as a part of each sub-category? Is there a published list somewhere that I can tell which sites are part of certain categories?
Thanks,
LarryTry this link:
http://www.cisco.com/univercd/cc/td/doc/product/multisec/modules/cscssm/cscssm61/csc61adm/ -
Which part number for CSC-SSM with Plus license?
Dear All,
Which part number for CSC-SSM with Plus License? i saw the part number for standard license.
could you let me know?
Best regards,Hi,
The part number is the following:
ASA-CSCX-YP-ZY
where X is your CSC model, Y is the number of seats of the license and Z is the number of years.
For instance, if you need a 2 year plus license for a CSC10 with 250 seats, the part number would be ASA-CSC10-250P-2Y
Regards,
Nicolas -
ASA 5520 : IP address for CSC SSM
Hi All,
I have an ASA 5520 with CSC SSM. I have base and plus license and want to activate it. T he IP address and gateway have to be configured on the CSC SSM. I have configured IP addresses for the INSIDE,OUTSIDE,DMZ and MGMT. The outside is a public IP address. Now for the CSC SSM what range should i give?
There is an ISA server on the DMZ where all user IP's get PATed and on ASA this gets NATed on the ASA. Direct access to the internet exists for the servers (bypassing proxy).
My basic doubt is about the IP address and gateway that the CSC SSM should have and is it related ot the management interface ip address?
Thanks and Regards.
SonuHi
put your CSC ip address as outside interface subnet.because CSC needs automatic updates from internet.and you can able to manage CSC from remote itself.
for EX
your outside ip is 10.0.0.1/24,make CSC IP As 10.0.0.2/24,Gateway 10.0.0.1
Hopes this helps
regs
S.Mohana sundaram -
Trend Micro updates for CSC SSM
Any word on if or when patch would be available for 6.3.1172 ? My ASA has only 256kb memory, and I believe it would require a memory upgrade for any further software upgrades.
The mail and TMCM agent service is always stopped. Access to CSC-SSM via web browser is not possible, nothing happens, and ASDM is not communicating with CSC. I restarted management access port, without success. Restore to Factory settings is not possible. I get this error message:
Restoring default settings: /opt/trend/isvw/bin/setup.bin: line 2861: /opt/trend/isvw/lib/mail/rules/UserApprovedList.txt: Read-only file system
/opt/trend/isvw/bin/setup.bin: line 2862: /opt/trend/isvw/lib/mail/rules/UserBlockedList.txt: Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/web/intscan.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
cp: unable to remove `/opt/trend/isvw/config/mail/imss.ini': Read-only file system
I try to reimage with 6.2 version, maybe this helps.
If you have a clue tell me!
Thank you -
i have CSC ssm module in my lab. i forgot its username/password and also the ip address of csc module. when i tried to do reimgine the csc module, setup asks for ip address of csc module. is there is any way to recover password without knowing the ip address of CSC module.
This document describes how to recover a password on a Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) or the Advanced Inspection and Prevention Security Services Module (AIP-SSM) without having to re-image the device.
http://cisco.com/en/US/partner/products/ps6120/products_password_recovery09186a00807f5a59.shtml -
Overrun nodes license CSC-SSM-10 (100 nodes) ASA5520
Hi all,
I got an ASA5520 with a CSC-SSM-10 (100 nodes) in use. There are about 200 host behind.
What happen, when the node license will be overrun. E.g. all 200 hosts are connecting through the firewall/contentfilter
at the same time?
Thanks,
NorbertYou can issue "sh csc node-count" on the ASA CLI.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/s2.html#wp1362072
License upgrade notice Error Message license-upgrade-notice: Your daily node counts (daily_count) has
exceeded your licensed seats (seats) by offset. Please upgrade your license.
Example:
License-upgrade-notice: Your daily node counts (300) has exceeded your licensed seats (100) by 200. Please upgrade your license.
Explanation This system log message is generated when CSC SSM detects more nodes connected to the CSC SSM than are specified in the current license. In addition to this message, a notification e-mail is sent to the administrator.
• daily_count—The daily node count that has connected to the CSC SSM • seats—The number of seats of the CSC SSM license • offset—The daily count minus the number of seats
Recommended Action Contact Cisco for a license upgrade.
You can read the above in the csc module admin guide here: http://www.cisco.com/en/US/docs/security/csc/csc62/administration/guide/cscbook.pdf
-KS -
ASA5510-SEC with CSC-SSM and Plus lic
I have setup the ASA5510-SEC with the CSC-SSM and it is working great. What I need is to be able to provide, for the client, reports of how much time particular users spend on the Internet, where they go on the Internet etc. Do I need more product to do this reporting? Would also like to have email reports
Thanks,I would recommend posting in netpro for this. This community doesn't work with the ASA series.
www.cisco.com/go/netpro -
Hello,
One of our customers has an ASA5510 with CSC SSM-10 security module. The software version of the module is 6.6.1125.0.
Is it possible to do https filtering with this module ? The cutomer is complaining that this is not possible..., They cannot do this.
Please any help or suggestion how to assist them ?
p.s. from Cisco I've read the following:
• HTTPS Filtering
– Able to allow or block HTTPS traffic.
– Supports group-based and user-based HTTPS policies.
– Includes URL blocking/URL exception list support for HTTPS domains.
Thank you and best regards,
IlirThis should help:
http://www.cisco.com/en/US/docs/security/csc/csc66/administration/guide/csc1.html -
Cisco CSC SSM to Active directory integration issue
Hi,
I have configured ASA CSC SSM module for AD integration for user based access control. The domain controller Agent has been installed in AD server. But the Agent is not able to communicate to CSC module. There are errors getting generated in AD and CSC.
There are no network layer issues between AD server and CSC. All the frewalls have been turned off. I suspect some configuration changes to be done on AD or with the Agent installation file. I have followed the configuration steps recommended by Cisco in configuring AD server and CSC module. I have attached the Log files.
Please suggest solution for this issue. Thank you.
With Regards,
Madhan kumar G.Hi,
Below are the suggestions from TAC engineer, which rectified issue in my case. Hope this helps your scenario.
Ø Verify the following
Ø 1. The client machines should be part of the windows domain
Ø
Ø 2. File Sharing should be enabled on the client machine
Ø
Ø 3."Remote Registry" Service should be enabled
Ø
Ø 4. On the windows firewall, select "Windows Management Instrumentation
Ø
Ø (WMI)" as exception program to allow in bound WMI calls.
Ø
Ø Also, make sure the "File and Printer Sharing" is part of the exception list.
Ø
Ø 5. The client is able to ping the Agent and the Domain Controllers. -
Step to prep CSC SSM on ASA Active/Standby mode
Hi all,
I am trying to setup Active/Standby HA mode for my site.
Currently the site was installed with one unit ASA firewall with CSC-SSM module, the second unit is the new unit ready to be setup.
My question:
01. My concern is second unit CSC-SSM, what is the proper procedure or step need to prep it?
Is it need to prep the CSC-SSM before the ASA in HA mode Or it will auto propagate the configuration when both unit in HA mode?
What else need to concern? am i need to setup different IP for the CSC-SSM management interface?
Thanks
NoelHello Yong,
Configuration related to the CSC or SSM modules will never get propagated so you will basically need to configure it manually.
Also it's not like if the Config on both modules is different failover will fail but ofcourse you wanna have the same one
IP addresses for each of the modules will be dedicated ones. Remember that failover will fail if one box has the CSC and the other not.
Looking for some Networking Assistance?
Contact me directly at [email protected]
I will fix your problem ASAP.
Cheers,
Julio Carvajal Segura
http://laguiadelnetworking.com -
Hi,
i have an ASA5520 with v 7.2(2) running.
but the IPS module spftware is 5.1
when i tried to login to the > session 1
it prompts me for a login and password.
i tried cisco and a few other combinations.. but no luck ,,
how do i reset it ?? also that reset procedure on the docs says its resets password or the user cisco ..
how can i be sure if the user cisco even exists on it or not ?
any help please ???no man it doesnt ..
the link u specified says it too..
hw-module module slot_number password-reset?This command recovers a password on a Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) or the AIP-SSM without having to re-image the device.
Note: This command starts support from IPS 6.0 (ASA 7.2 version) and is used to restore the Cisco CLI account password to the default cisco
hers my ASA and IPS details..
ASA# sh version
Cisco Adaptive Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "disk0:/asa722-k8.bin"
Config file at boot was "startup-config"
ASA up 22 days 3 hours
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
ASA# sh module 1
Mod Card Type Model Serial No.
1 ASA5500 SSM-10 ASA-SSM-10 B155670DW4
Mod MAC Add Range Hw Ver. Fw Ver. Sw Ver.
1 00xx to 001 1.0 1.0(10)0 5.0(2)S152.0
Mod SSM Apps. Name Status SSM Apps Version
1 IPS Up 5.0(2)S152.0
Mod Status Data Plane Status Compatibility
1 Up Up -
Hi,
I must block a HTTPS website using CSC-SSM on a ASA 5520 but it looks like it won't block HTTPS traffic at all so I've been searching around and I found that "Traffic that moves through HTTPS cannot be scanned for viruses and other threats by the CSC-SSM software.".
Anyone has sucessfully blocked HTTPS traffic using CSC-SSM?
Which other blocking methods would you recommend? ASA's URL filtering?
Thanks in advice.
Guilhermehi Guilherme
the idea with https it is a secured http with sslor tls which is the same idea with vpn/IPSEC where the traffic is tunnled and cannot be inspected before get devrypted
which wshould be the same with all vendors
if u can inspect the https and scan it then it is not secure enough !! right :)
good luck
if helpful Rate -
No outbound smtp traffic via CSC SSM.
Hallo
I have a Problem with my ASA CSC-SSM Module (Version 6.1).
The inspection of http and POP works fine, but i have a problem with the outbound smtp traffic.
If i direct the SMTP Traffic via an Service Policy to my CSC Module no Mail will be send outbound.
If i remove the ACE from my SP smtp works fine again.
The reason why i want to inspect my outbound mailtraffic is that i want to add a disclamer to my outgoing mails.
I read the Admin Guide but there is no example how to Configure outbound SMTP( only inbound SMTP).
Is there something that i have to do?
I hope someone can help me.Try this config:
access-list csc_out permit tcp host 192.168.200.xxx any eq smtp ---for smtp
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq 80
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq pop3
access-list csc_out permit tcp 192.168.2xx.0 255.255.255.0 any eq ftp
class-map csc_outbound_class
match access-list csc_out
policy-map csc_out_policy
class csc_outbound_class
csc fail-close
service-policy csc_out_policy interface inside
Maybe you are looking for
-
Is itunes compatible with windows 8
Is itunes compatible with windows 8. I get 100% disk usage when downloading from itunes store.
-
How to track updates in Master Table?
hi all I have few Master tables like MRP Controllers , Asset Classes, reason for Investment etc.I have got the master tables that store these information. but standard IDocs are not present for those Master data. My requirement is , whenever new Mast
-
Need help with ending of payment enrollment. Plz help as soon, as you can.
Hello, I bought a subscription for the iOS Developer, 11.03.13 deducted from my credit card $ 99. But the subscription has not joined. I received several letters, one of them written order number, but I can not see this number in your account - says
-
Deploying BOE XI 3.1 SP2 apps on SAP NW J2EE 7.0/7.11 - 404 Error
Hi, I'm experiencing problems with opening InfoView + Cmc after deploying to SAP J2EE. What happens is that I can open up the URLs and the page is displayed with the logo, header etc., but instead of the login box I get a 404 error - "ressource can n
-
Recently, my iPod touch 2G has been reverting to a different date and time from the actual. The time zone is set on eastern time (Atlanta USA) but it keeps changing the date to February 8, 2009 and 11:09PM. Even after I change it in general settings,