This document describes how to keep the unreferenced access-lists that
are not used by other CLI commands, such as an access-group, within deployment
in the Cisco Security Manager (CSM).
This document assumes that CSM is installed and works properly.
The information in this document is based on the CSM 3.0.1 and
The information in this document was created from the devices in a
specific lab environment. All of the devices used in this document started with
a cleared (default) configuration. If your network is live, make sure that you
understand the potential impact of any command.
Technical Tips Conventions for more information on document
In the CSM, the problem is how to keep the access-lists that are not
used by other CLI commands, such as an access-group, within deployment.
An example is if the PIX configuration has access-lists that are not a
part of an access-group. When the CSM starts to manage the PIX, the CSM must
delete those access-lists by default.
Use this solution in order to solve the problem.
In the CSM Client, choose Tools > Security Manager
Administration > Deployment; notice a check-box for remove
unreferenced access-lists on device (enabled by default).
Uncheck this option.