ASA CSC - SSM issue
Dear concern,
I installed CSC-SSM-10 on cisco ASA 5520.
I am facing two problems
Problem 1: When I send traffic from the ASA to the SSM module, the internet connection becomes slow and sometimes internet sessions are disconnected.
Problem 2: When I try to update manually, the following errors are shown; please see the attachment.
Please note that I can ping the internet from the CSC module. Please suggest how to solve these problems.
Regards
Imran
Hi Imran,
I'm glad that it works after the correction of the DNS configuration.
To view the CSC log files, you can use one of these 4 options:
1. Look at the Logs > Query menu in the Trend Micro admin page (this is a fixed-size buffer)
2. Manually export the logs from the Trend Micro admin page to a CSV file
3. Send the logs to a syslog server (Logs > Settings)
4. Use the Content Security monitoring tab in ASDM
Hope that helps.
-Mike
Similar Questions
-
Modules ASA CSC - SSM - any good?
I wonder if anyone has opinions on whether or not this module is recommended over a stand-alone software solution. The environment is 400 users; we focus mainly on URL filtering, and anti-spam features would also be useful.
Thank you
I have worked in several places with this module and it is very easy to use and works very well on small and medium-sized enterprises. The features that it offers are great. The follow-up is not so great, but it shows just the necessary details.
I have also worked with websense and it's generally a better product, but if you already have the ASA and 400 users you can perfectly use the CSC - SSM.
-
Hello
A user has an ASA 5510 with an ASA-SSM-CSC-10-K9 module with Plus Lic (Spam/URL/Phish). In recent years, he has not renewed the SMARTnet contract (CON-SNT-XXXX), and his ASA CSC-SSM module subscription has expired as well.
He now wants to upgrade the CSC-SSM subscription.
(1) Will upgrading the CSC-SSM module with ASACSC10-50UP1Y (50 users ASA 5500 CSC-SSM-10 w/ Plus Lic.) serve his purpose, or must he also renew CON-SNT as well?
Because according to the Cisco document, "two services are necessary to the proper functioning of the CSC-SSM: software update and Cisco SMARTnet® service."
(2) To renew the Cisco SMARTnet contract, which product does he need to renew the contract for: (a) the CSC-SSM module
("SMARTNET 8X5XNBD ASA content Sec SSM - 10W / Usr 50 AV"), or (b) the Cisco ASA 5510? Or (c) what will be the part code?
(3) At present, the CSC-SSM software version is 6.3.1172.0, and he wants to move to 6.6.1125.0. (a) Is there a fee for this? Or (b) does renewing the Plus Lic / SMARTnet allow for the version upgrade as well?
Thanks in advance,
Amit
SMARTnet for the 5510 ASA with CSC is:
CON-SNT-AS1C10K9
SMARTNET 8X5XNBD ASA 5510 Appl w / scc10, SW, 50 Usr AV/Sp.
SMARTnet coverage is a sine qua non for the subscription:
CON-SNT-ASCS10K9
SMARTNET 8X5XNBD ASA content Sec SSM - 10W / Usr 50 AV.
Having these two will allow the user to improve and update.
That said, the 5510 and CSC are ready to go end of sale. Have you talked to them about upgrading to a 5512-X with the CX module? It is a much more capable solution.
-
Cisco ASA 5500 CSC-SSM-20 Series
How many maximum subscribers, sessions, and licenses are allowed when using the Cisco ASA 5500 Series CSC-SSM-20 module on an ASA5540?
Use the command 'show activation-key' to get the maximum subscribers, sessions, and license count details.
-
Could not update the Antivirus pattern on Cisco CSC SSM
I have a Cisco ASA 5520, with Cisco ASA-SSM-CSC-10-K9. ASA version 8.4.3.
Since two days ago, the automatic virus protection update for the Cisco CSC SSM has failed, with the error message below:
AntiVirusPattern: Model update: the download file failed for ActiveUpdate could not verify security information. The confidence of information database is damaged. Contact Trend Micro technical support... The error code is 62.
The license is valid and the subscription is expired September 2014.
Has anybody encountered a similar problem before?
Does anybody have a Trend Micro Cisco CSC SSM helpdesk contact?
I can't find any Trend Micro info for Cisco CSC SSM.
CSC module tcaps 1144 is available on the Trend Micro safesync server:
See
-
Installation of CSC-SSM-20 on ASA5510
Hello
Is it a good idea to run a CSC-SSM20 on an ASA5510, and must I have 2 gigabytes of RAM on the ASA5510?
I was wondering too, for filtering of the web. If all Internet users are behind a proxy, the CSC - SSM says that there is only one user.
I would appreciate any advice.
Thank you
Hello
There are no specific memory requirements for installing the CSC module on the ASA. The CSC does not use the memory of the ASA; the only thing it uses is the ASA backplane, so the ASA can redirect internet traffic to the CSC management IP for filtering. The CSC has its own memory and CPU that it uses.
For the second question, if the users are behind a proxy then the CSC would definitely see requests originating from a single IP address, so you would not be able to filter the traffic at the granular level.
Hope this answers your questions.
Thank you
Varun
-
-Renewal-license module CSC SSM
Recently, my existing CSC SSM module license expired & I need to know the necessary steps & product ID to renew expired CSC SSM license module hosted on ASA-SSM-20 device:
Tip,
The system was licensed with the Base & Plus license, 500 users.
Yes, it's the Base and Plus.
Please check the question as answered if that's the case, so that others can benefit from in the future.
Take care
PK
-
License number of basic CSC SSM
I registered the CSC SSM 10 licenses with cisco.com. I received no license file. When I try to register again, it shows an error like this:
Please correct the errors below and resubmit the request
We cannot provide a license key at this time. Our records indicate that the product authorization key that was entered during the registration process has already been used, and a license key has been issued on the following date:
Issue date: March 7, 2008
Please help me solve this problem
You will need a new PAK for registration. Open a case with Cisco TAC to get the corrected key (PAK) and register.
-
From what I've read about the SSM module, there is a Base license and a Plus license.
The Base license gives the SSM module basic antivirus/spyware control over your network. The Plus
license gives the Base license plus email filtering and URL filtering.
So, I guess the only way to block malicious websites and do URL filtering is through the SSM?
I guess you could also simply apply ACLs, but the best way would be through the SSM.
If you purchase the CSC-SSM with the Plus license and set it up, will there be any downtime associated with it
when you pass the traffic so that it is transferred from the ASA to the CSC instead of just out of the ASA and
to the Internet?
Thanks for your help guys
Hi John,
I guess the only way to block malicious websites and do URL filtering is through the SSM?
I guess you could also simply apply ACLs, but the best way would be through the SSM?
A/ As the name says, this is a content filtering device; it will apply policies based on what you've set up. The IPS-SSM, on the other hand, will allow all traffic, refusing only what it finds illegal, so I would say that, yes, you are right.
If you purchase the CSC-SSM with the Plus license and set it up, will there be any downtime associated with it
when you pass the traffic so that it is transferred from the ASA to the CSC instead of just out of the ASA and
to the Internet?
A/ No interruption at all. Remember to have the CSC of installation above, a policy of relief would be great, and finally simply redirect traffic to see it working. As soon as the CSC is running there will be a peace association
Kind regards
Don't forget to rate all the useful messages
Julio
-
Question on the CSC - ssm modules and aip - ssm in the ASA5500
Is it true that the CSC - ssm and aip - ssm modules cannot coexist in the device of ASA5500 at the same time?
Another question: is there an example config on the Cisco site using the intra-interface command keyword involving NO IPSEC TRAFFIC?
It is true that the CSC-SSM and AIP-SSM modules cannot coexist in the ASA5500 device at the same time.
There is no sample configuration on the site yet. However, besides the same-security command, you must have the ordinary translation rule to pass traffic. Also, because of the dynamic nature, it allows only one-way traffic. For example:
nat (inside) 10 192.168.1.0 255.255.255.0
global (inside) 10 interface
global (outside) 10 interface (is not required however)
Sincerely,
~ AJ
-
Hello world.
I went through the CSC - SSM product data sheet at http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f.html.
In the product licensing it says the CSC-SSM 20 supports max 1000 users. What does that mean? Does this mean that I can't use the CSC-SSM when the number of users is more than 1000? If I'm not correct, what is the maximum number of users I can have behind the CSC-SSM 20 so that it works efficiently when all features are enabled?
Thanks in advance
Deepak Khemani
Hi Deepak,
The numbers that you're talking about in the data sheet are the number of unique user IP addresses inspected by the module. This count is cumulative over a period of 24 hours. If the license is exceeded, the administrator will be sent an email once per day to inform them of this.
-Mike
-
Cisco CSC - SSM can block https pages?
Hi, I'm a new administrator of Trend Micro InterScan for Cisco CSC-SSM.
I have blocked access to Facebook using CSC-SSM URL filtering (Communication and research/social network management). At present this works very well to block access to http://www.facebook.com, but this morning I noticed that users can access the Facebook page using the following URL: https://www.facebook.com.
Can Cisco CSC-SSM block/filter HTTPS traffic?
Any ideas to block access to https://www.facebook.com?
Thank you.
Hello
Well since the CSC SSM inspects only SMTP, POP3, HTTP, FTP traffic, there is no way to block https using the CSC SSM.
Kind regards
SOM
P.S.: Please mark the question as answered if it has been resolved. Rate the useful messages. Thank you.
-
(ASA) AIP - SSM 10 Inline; Supreme events?
An ASA 5520 with an AIP-SSM-10 is set to inline mode, but the events shown for the past 2 hours (sensor> sh events past 02:00) on the sensor show "entered promiscuous mode" and "left promiscuous mode".
This AIP-SSM-10 has only gig0/0 and gig0/1, where 0/0 is taken out of service and the default virtual sensor (vs0) is assigned to gig0/1. I see statistics (sensor> sh statistics analysis-engine) for gig0/1, so I am collecting statistics.
If the configuration of the ASA 5520 has the following inline policy and the event log shows entering and leaving promiscuous mode, how do I check whether I am inspecting/monitoring in inline mode?
(ASA> sh run access-list IPS)
access-list IPS extended permit ip DMZ 255.255.255.0 26.26.1.0 255.255.255.0
(ASA> sh run | b class-map)
class-map IPS
 match access-list IPS
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect waas
  inspect icmp
 class IPS
  ips inline help
!
service-policy global_policy global
(sensor> sh interfaces)
...
MAC statistics from interface GigabitEthernet0/1
   Interface function = Sensing interface
   Description =
   Media Type = backplane
   Default Vlan = 0
   Inline Mode = Unpaired
   Pair Status = N/A
   Hardware Bypass Capable = No
   Hardware Bypass Paired = N/A
   Link Status = Up
   Link Speed = Auto_1000
   Link Duplex = Auto_Full
   Missed Packet Percentage = 0
   Total Packets Received = 95044
   Total Bytes Received = 8715230
   Total Multicast Packets Received = 0
   Total Broadcast Packets Received = 0
   Total Jumbo Packets Received = 0
   Total Undersize Packets Received = 0
   Total Receive Errors = 0
   Total Receive FIFO Overruns = 0
   Total Packets Transmitted = 95044
   Total Bytes Transmitted = 9047702
   Total Multicast Packets Transmitted = 0
   Total Broadcast Packets Transmitted = 0
   Total Jumbo Packets Transmitted = 0
   Total Undersize Packets Transmitted = 0
   Total Transmit Errors = 0
   Total Transmit FIFO Overruns = 0
sensor> sh events past 02:00
evStatus: eventId=1203360411830836145 vendor=Cisco
  originator:
    hostId: ASA2_IPS
    appName: kernel
    appInstanceId:
  time: 2008-02-20 19:01:46 2008/02/20 19:01:46 UTC
  syslogMessage:
    description: device ge0_1 entered promiscuous mode
evStatus: eventId=1203360411830836146 vendor=Cisco
  originator:
    hostId: ASA2_IPS
    appName: kernel
    appInstanceId:
  time: 2008-02-20 19:01:53 2008/02/20 19:01:53 UTC
  syslogMessage:
    description: device ge0_1 left promiscuous mode
The "left" and "entered promiscuous mode" status events are usually generated when you run a 'packet display' or 'packet capture' command on the CLI of the sensor.
The packet command's monitoring is promiscuous, but it is independent of the promiscuous or inline monitoring done by the sensor's analysis engine.
So you can have inline monitoring using the sensor's analysis engine
and still run the packet command at the CLI for your own promiscuous monitoring of those same packets. These are 2 independent monitors of the same packets.
If I remember right, inline monitored packets always get returned to the ASA (unless expressly denied), which is not the case for promiscuous packets. So check the sensor's gig0/1 interface statistics and the number of packets transmitted. If the receive and transmit counts are quite close, then packets are being monitored inline by the analysis engine. If the transmit count is nil or very low, then the packets are likely being monitored promiscuously.
With the configuration of your ASA you are correctly configured for inline monitoring.
So I don't think that you are investigating inline, and the status messages are specific to your starting and stopping of the 'packet' command on the CLI for your own independent promiscuous viewing of packets.
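The receive/transmit comparison described in the reply above, as an added example that is not part of the original thread. It goes one step further by comparing two snapshots, because the interface counters are cumulative and an earlier inline period can mask a later promiscuous one. The thresholds, function names and the sample excerpts are assumptions made up for this illustration.

```python
import re

# Assumed thresholds: the thread only says "quite close" versus "nil or very low".
INLINE_RATIO = 0.90
PROMISC_RATIO = 0.05
MIN_RX = 100  # fewer received packets than this is too small a sample to judge


def parse_interfaces(text):
    """Parse sensor 'show interfaces' text into {interface: {lowercased key: value}}."""
    stats, current = {}, None
    for line in text.splitlines():
        header = re.match(r"\S.*\binterface\s+(\S+)", line, re.IGNORECASE)
        if header and "=" not in line:
            current = stats.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return stats


def counters(stats, iface):
    """Return (received, transmitted) packet counts for one interface."""
    s = stats[iface]
    return int(s["total packets received"]), int(s["total packets transmitted"])


def classify(rx, tx):
    """Inline packets are handed back to the ASA, so tx tracks rx; promiscuous ones are not."""
    if rx < MIN_RX:
        return "insufficient-traffic"
    ratio = tx / rx
    if ratio >= INLINE_RATIO:
        return "inline"
    if ratio <= PROMISC_RATIO:
        return "promiscuous"
    return "indeterminate"


def classify_interval(before, after, iface="GigabitEthernet0/1"):
    """Classify only the traffic seen between two snapshots of the counters."""
    rx0, tx0 = counters(parse_interfaces(before), iface)
    rx1, tx1 = counters(parse_interfaces(after), iface)
    if rx1 < rx0 or tx1 < tx0:
        return "counters-reset"  # sensor reloaded or counters cleared in between
    return classify(rx1 - rx0, tx1 - tx0)


def sample(rx, tx):
    # Constructed excerpt for the example, not captured from a device.
    return (
        "MAC statistics from interface GigabitEthernet0/1\n"
        "   Media Type = backplane\n"
        "   Inline Mode = Unpaired\n"
        f"   Total Packets Received = {rx}\n"
        f"   Total Packets Transmitted = {tx}\n"
    )


if __name__ == "__main__":
    t0 = sample(95044, 95044)
    print(classify_interval(t0, sample(96044, 96040)))  # a few packets denied inline
    print(classify_interval(t0, sample(96044, 95044)))  # nothing handed back to the ASA
```

A transmit count slightly below the receive count is expected in inline mode when some packets are denied, which is why the comparison uses a ratio rather than equality.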
-
The ACE IPS Cisco and Cisco ASA AIP - SSM (IPS)
Is there a difference between the features offered by the Cisco ACE IPS and Cisco ASA AIP - SSM (IPS) devices?
Can we do without Cisco ASA AIP - SSM (IPS) of 'only' configuration/implementation Cisco ACE IPS.
Cisco AVS/ACE put emphasis on commissioning and securing web-based applications. IPSs do not focus on just web applications and try to cover multiple layers of the OSI stack. Consider the IPS as a general practitioner and the ACE/AVS as an eye surgeon, or something :)
Here is the response from Cisco itself:
Q: How does the Cisco AVS application firewall differ from an intrusion prevention system (IPS)?
A. IPSs are solid solutions for protection against targeted attacks on known vulnerabilities in major platforms such as Windows, Solaris, Apache or Microsoft Internet Information Services (IIS). Cisco AVS excels at protecting against attacks targeted at Web sites or enterprise applications. These applications can be custom-built internal applications or vendor software. Signatures and security patches are generally not available for these types of applications, and building these security levels into each application would be almost impossible.
Q: How does the Cisco AVS application firewall differ from a network firewall?
A. The Cisco AVS 3120 and network firewalls such as the Cisco PIX® Firewall and Cisco ASA 5500 Series Adaptive Security Appliances are complementary products. The Cisco AVS application firewall secures Web applications; network firewalls excel at network security; and the Cisco AVS provides defense in depth for Web applications.
Network firewalls apply policy to networks, IP addresses and ports; they have a wide range of application-layer features for many different protocols. The firewall can and will be deployed in many locations, including the edge, the edge of the enterprise network, the branch, etc. Cisco AVS enforces policy on HTTP data such as URLs, headers and parameters. Cisco AVS is deployed in the data center in front of Web applications.
Regards
Farrukh
-
Physical connectivity of ASA AIP - SSM
How should the physical connectivity of the ASA AIP-SSM be in the case of inline interface mode inspection for all interfaces of the firewall?
Rgds.
Assuming that 'interface_policy' has "ips inline" in the policy, then yes, your configuration is correct.
Keep in mind that the 'GigabitEthernet0/1' assigned to vs0 is the backplane interface of the SSM itself and should not be confused with the external interface GigabitEthernet0/1 of the ASA.
As for using several virtual sensors, it is a personal choice.
When you use an ASA with just a single context, then usually a single virtual sensor is sufficient. It's only when you want separate monitoring for traffic coming from firewall interfaces (or different classes of traffic) that you would want to use several different virtual sensors.
However, when you use an ASA with multiple security contexts, then it is usually a good idea to go and use a separate virtual sensor for each context of the ASA.
If you choose to use several virtual sensors, you must understand that the backplane interface GigabitEthernet0/1 is assigned to only 1 of the virtual sensors.
Here is an explanation of how the other virtual sensors would get traffic:
When packets are sent to DFS for monitoring, the ASA includes a special header in each packet. It carries special information such as the context of the ASA the packet came from, the real and NAT/PAT addresses of the packet, and a few other things. An important field of this header is the one for the virtual sensor. It tells the SSM which virtual sensor must monitor this packet.
When the ASA is configured without using virtual sensor names, the virtual sensor field in the packet header is blank. If the SSM sees a packet with the field left blank, it will check the DFS configuration to see which virtual sensor GigabitEthernet0/1 of the SSM has been assigned to, and send the packet to that virtual sensor.
If the ASA has been configured to send the packet to a specific virtual sensor (be it by adding the virtual sensor name at the end of the "ips inline" configuration entry or by using the "allocate-ips" configuration entries in the system context configuration), then the ASA will include the virtual sensor in the header of the packet. The SSM will read this field, and instead of sending to the virtual sensor where Gig0/1 is assigned, it will send to the virtual sensor specified in the header of the packet.
In effect, it overrides the Gig0/1 assignment and sends to whatever virtual sensor has been specified by the configuration of the ASA.