
Cisco ASA 5506-X Configuration Manual page 388


Configure the ASA CX Module
Example:
hostname(config)# policy-map global_policy
In the default configuration, the global_policy policy map is assigned globally to all interfaces. If you
want to edit the global_policy, enter global_policy as the policy name.

Step 3
Identify the class map you created at the start of this procedure.
class name
Example:
hostname(config-pmap)# class cx_class

Step 4
Send the traffic to the ASA CX module.
cxsc {fail-close | fail-open} [auth-proxy | monitor-only]
Where:
- The fail-close keyword sets the ASA to block all traffic if the ASA CX module is unavailable.
- The fail-open keyword sets the ASA to allow all traffic through, uninspected, if the module is unavailable.
- The optional auth-proxy keyword enables the authentication proxy, which is required for active authentication.
- For demonstration purposes only, specify monitor-only to send a read-only copy of traffic to the ASA CX module. You must configure all classes and policies to be either in monitor-only mode, or in normal inline mode; you cannot mix both modes on the same ASA.
Example:
hostname(config-pmap-c)# cxsc fail-close auth-proxy

Step 5
If you created multiple class maps for ASA CX traffic, you can specify another class for the policy and apply the cxsc redirect action.
See Feature Matching Within a Service Policy, page 1-5 for detailed information about how the order of classes matters within a policy map. Traffic cannot match more than one class map for the same action type.

Step 6
If you are editing an existing service policy (such as the default global policy called global_policy), you are done. Otherwise, activate the policy map on one or more interfaces.
service-policy policymap_name {global | interface interface_name}
Example:
hostname(config)# service-policy global_policy global
The global keyword applies the policy map to all interfaces, and interface applies the policy to one interface. Only one global policy is allowed. You can override the global policy on an interface by applying a service policy to that interface. You can only apply one policy map to each interface.

Configure Traffic-Forwarding Interfaces (Monitor-Only Mode)
For demonstration purposes only, you can configure traffic-forwarding interfaces, where all traffic is forwarded directly to the ASA CX module. For normal ASA CX operation, see Create the ASA CX Service Policy, page 17-17.

Cisco ASA Series Firewall CLI Configuration Guide, Chapter 17, ASA CX Module, page 17-18
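
A configuration review sketch for the policy steps above, added here as an example and not part of the Cisco guide: it reads a running-config style excerpt, flags cxsc actions that use fail-open in inline mode, and reports when monitor-only and inline actions are mixed on the same ASA. The sample text and the names cx_class2, cx_demo and outside_policy are constructed, and the indentation-based parsing is an assumption about how the configuration is displayed.

```python
import re

# Constructed sample shaped like a running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
policy-map global_policy
 class cx_class
  cxsc fail-close auth-proxy
 class cx_class2
  cxsc fail-open
policy-map outside_policy
 class cx_demo
  cxsc fail-open monitor-only
service-policy global_policy global
"""

CXSC_RE = re.compile(r"^cxsc (fail-close|fail-open)(?: (auth-proxy|monitor-only))?$")

def parse_cxsc_actions(config):
    """Return one dict per cxsc action: policy, class, failure mode, option."""
    actions, policy, cls = [], None, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("policy-map "):
            policy, cls = line.split()[1], None
        elif line.startswith("class ") and policy:
            cls = line.split()[1]
        elif (m := CXSC_RE.match(line)) and policy and cls:
            actions.append({"policy": policy, "class": cls,
                            "fail": m.group(1), "option": m.group(2)})
        elif raw and not raw.startswith(" "):
            policy, cls = None, None  # an unindented line ends the policy map
    return actions

def audit(config):
    """Return review findings for the cxsc actions found in the config text."""
    actions = parse_cxsc_actions(config)
    findings = []
    for a in actions:
        # In monitor-only mode the module only sees a copy, so fail-open is skipped.
        if a["fail"] == "fail-open" and a["option"] != "monitor-only":
            findings.append(f"{a['policy']}/{a['class']}: fail-open passes "
                            "traffic uninspected if the module is unavailable")
    modes = {a["option"] == "monitor-only" for a in actions}
    if modes == {True, False}:
        findings.append("monitor-only and inline cxsc actions are mixed; "
                        "all classes and policies must use one mode")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Whether fail-open counts as a finding depends on whether availability or inspection takes priority at that site; the check only surfaces where the choice was made.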
