KB ID 0000781
Problem
I had a client re-address their network this weekend, I was asked to make the relevant changes on the firewall. I know the CSC has a web interface, but as I usually work at command line I wanted to work out how to do it that way.
Solution
In the example below I will change the CSC module form 192.168.1.254/24 to 172.16.1.254/16.
1. Connect to the ASA, and check that the CSC module is up and healthy.
Note: Due the the limitations of HTML the output on you ASA will look a little neater like this.
User Access Verification Password: Type help or '?' for a list of available commands. Petes-ASA> enable Password: ******* Petes-ASA# show module 1 detail Getting details from the Service Module, please wait... ASA 5500 Series Content Security Services Module-10 Model: ASA-SSM-CSC-10-K9 Hardware version: 1.0 Serial Number: JAF1443AXXX Firmware version: 1.0(11)5 Software version: CSC SSM 6.6.1125.0 MAC Address Range: d0d0.fdfe.a557 to d0d0.fdfe.a557 App. name: CSC SSM App. Status: Up App. Status Desc: CSC SSM scan services are available App. version: 6.6.1125.0 Data plane Status: Up Status: Up HTTP Service: Up HTTPS Service: Up Mail Service: Up FTP Service: Up Activated: Yes Mgmt IP addr: 192.168.1.254 Mgmt web port: 8443 Peer IP addr: <not enabled>
2. Connect to the CSC module and choose option 1 (Network Settings). Note: the username is cisco and the password will be the password you use to log onto the CSC web console.
Petes-ASA# session 1 Opening command session with slot 1. Connected to slot 1. Escape character sequence is 'CTRL-^X'. login: cisco Password:******* ***NOTICE*** This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg If you require further assistance please contact us by sending email to export@cisco.com. Trend Micro InterScan for Cisco CSC SSM Setup Main Menu --------------------------------------------------------------------- 1. Network Settings 2. Date/Time Settings 3. Product Information 4. Service Status 5. Password Management 6. Restore Factory Default Settings 7. Troubleshooting Tools 8. Reset Management Port Access Control List 9. Ping 10. Exit ... Enter a number from [1-10]: 1
3. Enter ‘y’ for yes to change the settings > Type in the new details (just press enter to proceed without changing any of the options).
Network Settings --------------------------------------------------------------------- IP 192.168.1.254 Netmask 255.255.255.0 Hostname CSC Domain name petenetlive.com MAC address D0:D0:FD:FE:A5:57 Primary DNS 192.168.1.3 Gateway 192.168.1.1 No Proxy Do you want to modify the network settings? [y|n] y Network Settings --------------------------------------------------------------------- Enter the SSM card IP address: (default:192.168.1.254)172.16.1.254 Enter subnet mask: (default:255.255.255.0) 255.255.0.0 Enter host name: (default:CSC) Enter domain name: (default:petenetlive.com) Enter primary DNS IP address: (default:192.168.0.3)172.16.1.10 Enter optional secondary DNS IP address: Enter gateway IP address: (default:192.168.0.254)172.16.1.1 Do you use a proxy server? [y|n] (default:no) Stopping services: OK Applying network settings ... Starting services: OK
4. Press Enter to return to the main menu, you can check the change was successful by selecting option 1 again, but this time enter ‘n’ when asked if you want to change anything.
Press Enter to continue ... Trend Micro InterScan for Cisco CSC SSM Setup Main Menu --------------------------------------------------------------------- 1. Network Settings 2. Date/Time Settings 3. Product Information 4. Service Status 5. Password Management 6. Restore Factory Default Settings 7. Troubleshooting Tools 8. Reset Management Port Access Control List 9. Ping 10. Exit ... Enter a number from [1-10]: 1 Network Settings --------------------------------------------------------------------- IP 172.16.1.254 Netmask 255.255.0.0 Hostname CSC Domain name petenetlive.com MAC address D0:D0:FD:FE:A5:57 Primary DNS 172.16.1.10 Gateway 172.16.1.1 No Proxy Do you want to modify the network settings? [y|n] n
5. Exit the main menu, then choose reboot (Note: This reboots the module NOT the ASA.)
Trend Micro InterScan for Cisco CSC SSM Setup Main Menu --------------------------------------------------------------------- 1. Network Settings 2. Date/Time Settings 3. Product Information 4. Service Status 5. Password Management 6. Restore Factory Default Settings 7. Troubleshooting Tools 8. Reset Management Port Access Control List 9. Ping 10. Exit ... Enter a number from [1-10]: 10 Exit Options --------------------------------------------------------------------- 1. Logout 2. Reboot 3. Return to Main Menu Enter a number from [1-3]: 2 Please wait while rebooting. Please wait while rebooting. Remote card closed command session. Press any key to continue. Command session with slot 1 terminated.
6. You can check its status, for a while it will say its ‘unresponsive’. Eventually it will say all services are ‘up’
Petes-ASA# show module 1 detail Getting details from the Service Module, please wait... Unable to read details from slot 1 ASA 5500 Series Content Security Services Module-10 Model: ASA-SSM-CSC-10-K9 Hardware version: 1.0 Serial Number: JAF1443AXXX Firmware version: 1.0(11)5 Software version: CSC SSM 6.6.1125.0 MAC Address Range: d0d0.fdfe.a557 to d0d0.fdfe.a557 App. name: CSC SSM App. Status: Not Applicable App. Status Desc: Not Applicable App. version: 6.6.1125.0 Data plane Status: Not Applicable Status: Unresponsive <<<< Petes-ASA# show module 1 detail Getting details from the Service Module, please wait... ASA 5500 Series Content Security Services Module-10 Model: ASA-SSM-CSC-10-K9 Hardware version: 1.0 Serial Number: JAF1443AXXX Firmware version: 1.0(11)5 Software version: CSC SSM 6.6.1125.0 MAC Address Range: d0d0.fdfe.a557 to d0d0.fdfe.a557 App. name: CSC SSM App. Status: Up App. Status Desc: CSC SSM scan services are available App. version: 6.6.1125.0 Data plane Status: Up Status: Up HTTP Service: Up HTTPS Service: Up Mail Service: Up FTP Service: Up Activated: Yes Mgmt IP addr: 172.16.1.254 Mgmt web port: 8443 Peer IP addr: <not enabled> Petes-ASA#
7. Finally you can check the IP address, from the web console.
Related Articles, References, Credits, or External Links
NA