Cisco Systems ASA 5580 Manual De Usuario

This section configures traffic-forwarding interfaces, where all traffic is forwarded directly to the ASA 
CX module. This method is for demonstration purposes only. For a normal ASA CX service policy, see 
the 

For more information see the 

. See also the 

 for guidelines and limitations specific to traffic-forwarding interfaces.

Be sure to configure both the ASA policy and the ASA CX to have matching modes: both in 
monitor-only.

In multiple context mode, perform this procedure within each security context.

(Optional)

ciscoasa(config-pmap)# class cx_class2

If you created multiple class maps for ASA CX traffic, you can 
specify another class for the policy.

See the 

 for detailed information about how the order of classes 

matters within a policy map. Traffic cannot match more than one 
class map for the same action type.

(Optional)

 {fail-close | fail-open} [auth-proxy 

| monitor-only]

ciscoasa(config-pmap-c)# cxsc fail-close 

auth-proxy

Specifies that the second class of traffic should be sent to the ASA 
CX module.

Add as many classes as desired by repeating these steps.

policymap_name {global | 

interface_name}

ciscoasa(config)# service-policy cx_policy 

interface outside

Activates the policy map on one or more interfaces. global applies 
the policy map to all interfaces, and interface applies the policy 
to one interface. Only one global policy is allowed. You can 
override the global policy on an interface by applying a service 
policy to that interface. You can only apply one policy map to 
each interface.