This document describes how to keep the unreferenced access-lists that are not used by other CLI commands, such as an access-group, within deployment in the Cisco Security Manager (CSM).
This document assumes that CSM is installed and works properly.
The information in this document is based on the CSM 3.0.1 and later.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Refer to Cisco Technical Tips Conventions for more information on document conventions.
In the CSM, the problem is how to keep the access-lists that are not used by other CLI commands, such as an access-group, within deployment.
An example is if the PIX configuration has access-lists that are not a part of an access-group. When the CSM starts to manage the PIX, the CSM must delete those access-lists by default.
Use this solution in order to solve the problem.
In the CSM Client, choose Tools > Security Manager Administration > Deployment; notice a check-box for remove unreferenced access-lists on device (enabled by default).
Uncheck this option.