60-16
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter60 Configuring the ASA CSC Module
Configuration Examples for the CSC SSM
Reloading or Resetting the Module
To reload or reset the module, enter one of the following commands at the ASA CLI.
Detailed Steps
Shutting Down the Module
If you restart the ASA, the module is not automatically restarted. To shut down the module, perform the
following steps at the ASA CLI.
Detailed Steps
Configuration Examples for the CSC SSM
To identify the traffic that you want to scan, you can configure the ASA in different ways. One approach
is to define two service policies, one on the inside interface and one on the outside interface, each with
an access list that matches traffic to be scanned. The following example is based on the network shown
in Figure60-3 and shows the creation of two service policies for a common CSC SSM scanning scenario:
The first policy, csc_out_policy, is applied to the inside interface and uses the csc_out access list to
ensure that all outbound requests for FTP and POP3 are scanned. The csc_out access list also
ensures that HTTP connections from inside to networks on the outside interface are scanned, but it
includes a deny ACE to exclude HTTP connections from inside to servers on the DMZ network.
Command Purpose
hw-module module 1 reload
Example:
hostname# hw-module module 1 reload
Reloads the module software.
hw-module module 1 reset
Example:
hostname# hw-module module 1 reset
Performs a reset, and then reloads the module.
Command Purpose
hw-module module 1 shutdown
Example:
hostname# hw-module module 1 shutdown
Shuts down the module.