How to configure ASA to allow traffic from internal host to go to internet bypassing the CSC Module

Posted on 2008-11-06
Last Modified: 2012-05-05
How to configure ASA5510  to allow traffic from internal host to go to internetwithout being scanned by the CSC Module
Question by:er_vik
    LVL 3

    Accepted Solution

    In general you simply define a service policy for the CSC that explicitly prevents the traffic for that internal host from going to the CSC module for scanning.

    In practice, those service policies usually show up as an access-list in command line, so your fix would look like this:
    access-list csc_out deny ip host any
    access-list csc_out permit tcp any eq 21
    access-list csc_out deny tcp eq 80
    access-list csc_out permit tcp any eq 80
    access-list csc_out permit tcp any eq 110

    class-map csc_outbound_class
         match access-list csc_out

    policy-map csc_out_policy
         class csc_outbound_class
         csc fail-close
         service-policy csc_out_policy interface inside

    The deny statement at the beginning here would exempt from going to the CSC module for being scanned.

    For further information, take a look here:

    LVL 5

    Expert Comment

    uncheck CSC inspection from GUI, in CSC module.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Suggested Solutions

    Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
    I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    This video discusses moving either the default database or any database to a new volume.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now