Cisco CSC Module Error – Activation Warning

KB ID 0000392 

Problem

You try to connect to your Cisco CSC module, and see the following error.

Error: Activation Warning CSC is not activated. Please run setup wizard under Configuration > Trend Micro Content Security > CSC Setup > Wizard Setup to perform setup process. Click OK button to to to Trend Micro Content Security Setup wizard.

Naturally if you’ve never setup the CSC you are going to see this, but what if it suddenly starts doing this?

Solution

1. Connect to the ASA that the CSC module is in.

2. Issue the following command,

[box]sh modu 1 det[/box]

3. This ones unresponsive, it probably just need restarting, to do that issue the following command.

[box]hw-module module 1 reset[/box]

4. They can take a little while to come up (apply the cup of coffee rule). Then to see if it’s back up again use the same command you used earlier.

[box]sh mod 1 det[/box]

That didn’t work! Sometimes CSC modules do fail!, I had one client go through three in a year, If doing the above or running through the setup wizard (you did write down the licence numbers that came with the CSC didn’t you?) doesn’t work then you need to log a call to TAC.

 

Related Articles, References, Credits, or External Links

Cisco CSC Module stop it scanning its own update traffic

Changing the IP Address / Subnet Mask of a Cisco CSC Module

KB ID 0000781 

Problem

I had a client re-address their network this weekend, I was asked to make the relevant changes on the firewall. I know the CSC has a web interface, but as I usually work at command line I wanted to work out how to do it that way.

Solution

In the example below I will change the CSC module form 192.168.1.254/24 to 172.16.1.254/16.

1. Connect to the ASA, and check that the CSC module is up and healthy.

Note: Due the the limitations of HTML the output on you ASA will look a little neater like this.

[box]

User Access Verification

Password:
Type help or '?' for a list of available commands.
Petes-ASA> enable
Password: *******
Petes-ASA# show module 1 detail
Getting details from the Service Module, please wait...
ASA 5500 Series Content Security Services Module-10
Model: ASA-SSM-CSC-10-K9
Hardware version: 1.0
Serial Number: JAF1443AXXX
Firmware version: 1.0(11)5
Software version: CSC SSM 6.6.1125.0
MAC Address Range: d0d0.fdfe.a557 to d0d0.fdfe.a557
App. name: CSC SSM
App. Status: Up
App. Status Desc: CSC SSM scan services are available
App. version: 6.6.1125.0
Data plane Status: Up
Status: Up
HTTP Service: Up
HTTPS Service: Up
Mail Service: Up
FTP Service: Up
Activated: Yes
Mgmt IP addr: 192.168.1.254
Mgmt web port: 8443
Peer IP addr: <not enabled>

[/box]

2. Connect to the CSC module and choose option 1 (Network Settings). Note: the username is cisco and the password will be the password you use to log onto the CSC web console.

[box]

Petes-ASA# session 1
Opening command session with slot 1.
Connected to slot 1. Escape character sequence is 'CTRL-^X'.

login: cisco
Password:*******
***NOTICE***
This product contains cryptographic features and is subject to United States
and local country laws governing import, export, transfer and use. Delivery
of Cisco cryptographic products does not imply third-party authority to import,
export, distribute or use encryption. Importers, exporters, distributors and
users are responsible for compliance with U.S. and local country laws. By using
this product you agree to comply with applicable laws and regulations. If you
are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg

If you require further assistance please contact us by sending email to
export@cisco.com.

 

Trend Micro InterScan for Cisco CSC SSM Setup Main Menu
---------------------------------------------------------------------

1. Network Settings
2. Date/Time Settings
3. Product Information
4. Service Status
5. Password Management
6. Restore Factory Default Settings
7. Troubleshooting Tools
8. Reset Management Port Access Control List
9. Ping
10. Exit ...

Enter a number from [1-10]: 1

[/box]

3. Enter ‘y’ for yes to change the settings > Type in the new details (just press enter to proceed without changing any of the options).

[box]

Network Settings
---------------------------------------------------------------------

IP 192.168.1.254
Netmask 255.255.255.0
Hostname CSC
Domain name petenetlive.com
MAC address D0:D0:FD:FE:A5:57

Primary DNS 192.168.1.3

Gateway 192.168.1.1
No Proxy

Do you want to modify the network settings? [y|n] y

Network Settings
---------------------------------------------------------------------

Enter the SSM card IP address: (default:192.168.1.254)172.16.1.254
Enter subnet mask: (default:255.255.255.0) 255.255.0.0
Enter host name: (default:CSC)
Enter domain name: (default:petenetlive.com)
Enter primary DNS IP address: (default:192.168.0.3)172.16.1.10
Enter optional secondary DNS IP address:
Enter gateway IP address: (default:192.168.0.254)172.16.1.1
Do you use a proxy server? [y|n] (default:no)
Stopping services:
OK
Applying network settings ...
Starting services: OK

[/box]

4. Press Enter to return to the main menu, you can check the change was successful by selecting option 1 again, but this time enter ‘n’ when asked if you want to change anything.

[box]

Press Enter to continue ...

Trend Micro InterScan for Cisco CSC SSM Setup Main Menu
---------------------------------------------------------------------

1. Network Settings
2. Date/Time Settings
3. Product Information
4. Service Status
5. Password Management
6. Restore Factory Default Settings
7. Troubleshooting Tools
8. Reset Management Port Access Control List
9. Ping
10. Exit ...

Enter a number from [1-10]: 1

Network Settings
---------------------------------------------------------------------

IP 172.16.1.254
Netmask 255.255.0.0
Hostname CSC
Domain name petenetlive.com
MAC address D0:D0:FD:FE:A5:57

Primary DNS 172.16.1.10

Gateway 172.16.1.1
No Proxy

Do you want to modify the network settings? [y|n] n

[/box]

5. Exit the main menu, then choose reboot (Note: This reboots the module NOT the ASA.)

[box]

Trend Micro InterScan for Cisco CSC SSM Setup Main Menu
---------------------------------------------------------------------

1. Network Settings
2. Date/Time Settings
3. Product Information
4. Service Status
5. Password Management
6. Restore Factory Default Settings
7. Troubleshooting Tools
8. Reset Management Port Access Control List
9. Ping
10. Exit ...

Enter a number from [1-10]: 10

Exit Options
---------------------------------------------------------------------

1. Logout
2. Reboot
3. Return to Main Menu

Enter a number from [1-3]: 2
Please wait while rebooting.
Please wait while rebooting.
Remote card closed command session. Press any key to continue.
Command session with slot 1 terminated.

[/box]

6. You can check its status, for a while it will say its ‘unresponsive’. Eventually it will say all services are ‘up’

[box]

Petes-ASA# show module 1 detail
Getting details from the Service Module, please wait...
Unable to read details from slot 1
ASA 5500 Series Content Security Services Module-10
Model: ASA-SSM-CSC-10-K9
Hardware version: 1.0
Serial Number: JAF1443AXXX
Firmware version: 1.0(11)5
Software version: CSC SSM 6.6.1125.0
MAC Address Range: d0d0.fdfe.a557 to d0d0.fdfe.a557
App. name: CSC SSM
App. Status: Not Applicable
App. Status Desc: Not Applicable
App. version: 6.6.1125.0
Data plane Status: Not Applicable
Status: Unresponsive <<<<

Petes-ASA# show module 1 detail
Getting details from the Service Module, please wait...
ASA 5500 Series Content Security Services Module-10
Model: ASA-SSM-CSC-10-K9
Hardware version: 1.0
Serial Number: JAF1443AXXX
Firmware version: 1.0(11)5
Software version: CSC SSM 6.6.1125.0
MAC Address Range: d0d0.fdfe.a557 to d0d0.fdfe.a557
App. name: CSC SSM
App. Status: Up
App. Status Desc: CSC SSM scan services are available
App. version: 6.6.1125.0
Data plane Status: Up
Status: Up
HTTP Service: Up
HTTPS Service: Up
Mail Service: Up
FTP Service: Up
Activated: Yes
Mgmt IP addr: 172.16.1.254
Mgmt web port: 8443
Peer IP addr: <not enabled>
Petes-ASA#

[/box]

7. Finally you can check the IP address, from the web console.

Related Articles, References, Credits, or External Links

NA