Preview Tool

Cisco Bug: CSCsz30738 - CSM CVO changing nat config after each deployment

Last Modified

Nov 10, 2016

Products (1)

  • Cisco Security Manager

Known Affected Releases

3.2(2) 4.1(0)QA6

Description (partial)


CSM used for device provisioning is deleting and adding "ip nat inside" on the interface.

This behavior is observed with Device provisioning when the configuration that is supposed to be pushed to the provisioned device has "ip nat inside". Here are the steps to reproduce:
1. We have a template device that has nat configured (ip nat inside)
2. Create a new device choosing the option 3 (greenfield devices)
3. Copy policies from a template device to greenfield device
4. Define the deployment via the configuration engine
5. Upon successful deployment the correct config has been pushed to the device, and we have nat on inside interface. However, in the device preview on CSM we see that the device has "no ip nat inside" configured on the same inside interface. The next deployment would actually push this new config, and erase the inside nat config
6. This will repeat indefinitely, one deployment would remove the nat inside and next deployment would bring it in and so on
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.