Redirecting Traffic to the ASA CX Module – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 59 Configuring the ASA CX Module

Configuring the ASA CX Module

Redirecting Traffic to the ASA CX Module

This section identifies traffic to redirect from the ASA to the ASA CX module. Configure this policy on
the ASA.

Note

When using PRSM in multiple device mode, you can configure the ASA policy for sending traffic to the
ASA CX module within PRSM, instead of using ASDM or the ASA CLI. However, PRSM has some
limitations when configuring the ASA service policy; see the ASA CX user guide for more information.

Prerequisites

If you enable the authentication proxy on the ASA using this procedure, be sure to also configure a
directory realm for authentication on the ASA CX module. See the ASA CX user guide for more
information.

Detailed Steps

Step 1

Command: class-map name

Example:

hostname(config)# class-map cx_class

Purpose: Creates a class map to identify the traffic that you want to
send to the ASA CX module.

If you want to send multiple traffic classes to the ASA CX
module, you can create multiple class maps for use in the security
policy.

Step 2

Command: match parameter

Example:

hostname(config-cmap)# match access-list cx_traffic

Purpose: Specifies the traffic in the class map. See the “Identifying Traffic
(Layer 3/4 Class Maps)” section on page 32-12 for more information.

Step 3

Command: policy-map name

Example:

hostname(config)# policy-map cx_policy

Purpose: Adds or edits a policy map that sets the actions to take with the
class map traffic.

Step 4

Command: class name

Example:

hostname(config-pmap)# class cx_class

Purpose: Identifies the class map you created in Step 1.

Step 5

Command: cxsc {fail-close | fail-open} [auth-proxy]

Example:

hostname(config-pmap-c)# cxsc fail-close auth-proxy

Purpose: Specifies that the traffic should be sent to the ASA CX module.

The fail-close keyword sets the ASA to block all traffic if the ASA
CX module is unavailable.

The fail-open keyword sets the ASA to allow all traffic through,
uninspected, if the ASA CX module is unavailable.

The auth-proxy keyword enables the authentication proxy, which
is required for active authentication.
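An added example, not part of the Cisco guide: a Python check that reads policy-map blocks and reports each class whose cxsc action is fail-open or has no auth-proxy keyword. The sample configuration is constructed, guest_class is an invented name, and the indented policy-map / class / cxsc layout of a saved configuration is an assumption.

```python
import re

# Constructed sample in running-config layout. guest_class is an invented
# name; cx_class, cx_traffic and cx_policy come from the steps above.
SAMPLE_CONFIG = """\
class-map cx_class
 match access-list cx_traffic
policy-map cx_policy
 class cx_class
  cxsc fail-close auth-proxy
 class guest_class
  cxsc fail-open
"""

CXSC_RE = re.compile(r"^cxsc\s+(fail-close|fail-open)(\s+auth-proxy)?$")

def parse_cxsc_actions(config_text):
    """Return one record per class that redirects traffic to the ASA CX module."""
    records, policy, cls = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):
            # Any top-level command closes the policy-map block in progress.
            policy = line.split()[1] if line.startswith("policy-map ") else None
            cls = None
        elif policy and line.startswith("class "):
            cls = line.split()[1]
        elif policy and cls and (m := CXSC_RE.match(line)):
            records.append({"policy": policy, "class": cls,
                            "mode": m.group(1), "auth_proxy": bool(m.group(2))})
    return records

def audit(config_text):
    """Flag classes that fail open or lack auth-proxy."""
    findings = []
    for r in parse_cxsc_actions(config_text):
        where = f"policy-map {r['policy']} class {r['class']}"
        if r["mode"] == "fail-open":
            findings.append(f"{where}: fail-open passes traffic uninspected "
                            "if the ASA CX module is unavailable")
        if not r["auth_proxy"]:
            findings.append(f"{where}: auth-proxy not set, so active "
                            "authentication is not enabled")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Whether fail-open is acceptable for a given class is a policy decision; the check only makes each class's failure behavior visible for review.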
