Guest

Preview Tool

Cisco Bug: CSCtd60804 - CSM managing A/A FWSM will not use configured management ip of context

Last Modified

Feb 20, 2018

Products (1)

  • Cisco Security Manager

Known Affected Releases

3.2(2)

Description (partial)

Symptom:
When using CSM to manage active/active Firewalls, when you configure a management ip address to manage a context directly, CSM will continue to use the admin/system space ip address to access the conext with the 'changeto context xxxxx' capability.

In A/A failover, this causes deployments to fail to contexts active in group 2 on the secondary FWSM.

Conditions:
This condition is triggered with a specific process used to configure the management ip address of the contexts

-  import the firewall via the system/admin context which automatically imports all contexts
-  select your system space in csm and on the Security Contexts configuration page, right click on your context and select 'edit row'
- configure the Management IP Addr, hit ok, and then save.
- select the context itself, right click and go to device properties to configure credentials.

any changes made and deployed to this context will NOT use the configured management ip address but will use the admin/system space ip address.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.