Cisco Systems ASA 5580 Manual De Usuario
30-20
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 30 Configuring the ASA CX Module
Configuring the ASA CX Module
Configuring Traffic-Forwarding Interfaces (Monitor-Only Mode)
This section configures traffic-forwarding interfaces, where all traffic is forwarded directly to the ASA
CX module. This method is for demonstration purposes only. For a normal ASA CX service policy, see
the
CX module. This method is for demonstration purposes only. For a normal ASA CX service policy, see
the
. See also the
for guidelines and limitations specific to traffic-forwarding interfaces.
Prerequisites
•
Be sure to configure both the ASA policy and the ASA CX to have matching modes: both in
monitor-only.
monitor-only.
•
In multiple context mode, perform this procedure within each security context.
Step 6
(Optional)
class
name2
Example:
ciscoasa(config-pmap)# class cx_class2
If you created multiple class maps for ASA CX traffic, you can
specify another class for the policy.
specify another class for the policy.
See the
for detailed information about how the order of classes
matters within a policy map. Traffic cannot match more than one
class map for the same action type.
class map for the same action type.
Step 7
(Optional)
cxsc
{fail-close | fail-open} [auth-proxy
| monitor-only]
Example:
ciscoasa(config-pmap-c)# cxsc fail-close
auth-proxy
Specifies that the second class of traffic should be sent to the ASA
CX module.
CX module.
Add as many classes as desired by repeating these steps.
Step 8
service-policy
policymap_name {global |
interface
interface_name}
Example:
ciscoasa(config)# service-policy cx_policy
interface outside
Activates the policy map on one or more interfaces. global applies
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.
the policy map to all interfaces, and interface applies the policy
to one interface. Only one global policy is allowed. You can
override the global policy on an interface by applying a service
policy to that interface. You can only apply one policy map to
each interface.
Command
Purpose