CSM: How to Keep the Unreferenced Access-Lists

Introduction

This document describes how to keep the unreferenced access-lists that are not used by other CLI commands, such as an access-group, within deployment in the Cisco Security Manager (CSM).

Prerequisites

Requirements

This document assumes that CSM is installed and works properly.

Components Used

The information in this document is based on the CSM 3.0.1 and later.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Problem

In the CSM, the problem is how to keep the access-lists that are not used by other CLI commands, such as an access-group, within deployment.

An example is if the PIX configuration has access-lists that are not a part of an access-group. When the CSM starts to manage the PIX, the CSM must delete those access-lists by default.

Solution

Use this solution in order to solve the problem.

1. In the CSM Client, choose Tools > Security Manager Administration > Deployment; notice a check-box for remove unreferenced access-lists on device (enabled by default).

2. Uncheck this option.

   

Related Information

• Cisco Security Manager Support Page
• Cisco PIX Firewall Software
• Cisco Secure PIX Firewall Command References
• Security Product Field Notices (including PIX)
• Requests for Comments (RFCs)
• Technical Support & Documentation - Cisco Systems