Reloading or resetting the module, Shutting down the module, Configuration examples for the csc ssm – Cisco ASA 5505 User Manual

Page 1284

Advertising
background image

60-16

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 60 Configuring the ASA CSC Module

Configuration Examples for the CSC SSM

Reloading or Resetting the Module

To reload or reset the module, enter one of the following commands at the ASA CLI.

Detailed Steps

Shutting Down the Module

If you restart the ASA, the module is not automatically restarted. To shut down the module, perform the
following steps at the ASA CLI.

Detailed Steps

Configuration Examples for the CSC SSM

To identify the traffic that you want to scan, you can configure the ASA in different ways. One approach
is to define two service policies, one on the inside interface and one on the outside interface, each with
an access list that matches traffic to be scanned. The following example is based on the network shown
in

Figure 60-3

and shows the creation of two service policies for a common CSC SSM scanning scenario:

The first policy, csc_out_policy, is applied to the inside interface and uses the csc_out access list to
ensure that all outbound requests for FTP and POP3 are scanned. The csc_out access list also
ensures that HTTP connections from inside to networks on the outside interface are scanned, but it
includes a deny ACE to exclude HTTP connections from inside to servers on the DMZ network.

Command

Purpose

hw-module module 1 reload

Example:

hostname# hw-module module 1 reload

Reloads the module software.

hw-module module 1 reset

Example:

hostname# hw-module module 1 reset

Performs a reset, and then reloads the module.

Command

Purpose

hw-module module 1 shutdown

Example:

hostname# hw-module module 1 shutdown

Shuts down the module.

Advertising