Document ID: 99723
Updated: Oct 26, 2007
Contents
Introduction
This document describes how to keep the unreferenced access-lists that are not used by other CLI commands, such as an access-group, within deployment in the Cisco Security Manager (CSM).
Prerequisites
Requirements
This document assumes that CSM is installed and works properly.
Components Used
The information in this document is based on the CSM 3.0.1 and later.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Conventions
Refer to Cisco Technical Tips Conventions for more information on document conventions.
Problem
In the CSM, the problem is how to keep the access-lists that are not used by other CLI commands, such as an access-group, within deployment.
An example is if the PIX configuration has access-lists that are not a part of an access-group. When the CSM starts to manage the PIX, the CSM must delete those access-lists by default.
Solution
Use this solution in order to solve the problem.
-
In the CSM Client, choose Tools > Security Manager Administration > Deployment; notice a check-box for remove unreferenced access-lists on device (enabled by default).
-
Uncheck this option.
Related Information
Open a Support Case 
(Requires a Cisco Service Contract.)
Related Cisco Support Community Discussions
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.