ASA 5510 - CSC access-list question

After enabling CSC to scan http, ftp, and smtp taffic I noticed the below syntax in my config.  Is this normal?access-list outside_mpc extended permit tcp any any object-group DM_INLINE_TCP_1
access-list global_mpc extended permit tcp any any object-group DM_INLINE_TCP_2
object-group service DM_INLINE_TCP_1 tcp
 port-object eq ftp
 port-object eq www
 port-object eq pop3
 port-object eq smtp
object-group service DM_INLINE_TCP_2 tcp
 port-object eq ftp
 port-object eq www
 port-object eq pop3
 port-object eq smtp
gopher_49Asked:
Who is Participating?
 
lrmooreCommented:
I would assume that one of them does relate to the CSC module. Probably the 2nd one, since Cisco's typical behavior is to number the rules/groups as you change them /redo them in the GUI interface.
0
 
lrmooreCommented:
Since both groups are identical, it looks like you configured it twice? Depending on which group is actually being used (probably #2), you should be able to remove the other group.
0
 
gopher_49Author Commented:
I'll give it a shot.  I'll backup my config first for it's working so well.  Do these groups have anything to do with my CSC antix module?
0
 
gopher_49Author Commented:
There are two sections of my CSC module.  One is for scanning smtp and one for scanning http.  At first I had it setup to only scan http and then later enabled the smtp scanning.  Do you think it's safe to get rid of one of them?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.