Cisco Systems and the ASA Services Module Network Router User Manual


 
30-18
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 30 Configuring the ASA CX Module
Configuring the ASA CX Module
Redirecting Traffic to the ASA CX Module
You can redirect traffic to the ASA CX module by creating a service policy that identifies specific traffic.
For demonstration purposes only, you can also enable monitor-only mode for the service policy, which
forwards a copy of traffic to the ASA CX module, while the original traffic remains unaffected.
Another option for demonstration purposes is to configure a traffic-forwarding interface instead of a
service policy in monitor-only mode. The traffic-forwarding interface sends all traffic directly to the
ASA CX module, bypassing the ASA.
Creating the ASA CX Service Policy, page 30-18
Configuring Traffic-Forwarding Interfaces (Monitor-Only Mode), page 30-20
Creating the ASA CX Service Policy
This section identifies traffic to redirect from the ASA to the ASA CX module. Configure this policy on
the ASA. If you want to use a traffic-forwarding interface for demonstration purposes, skip this
procedure and see the “Configuring Traffic-Forwarding Interfaces (Monitor-Only Mode)” section on
page 30-20 instead.
Note When using PRSM in multiple device mode, you can configure the ASA policy for sending traffic to the
ASA CX module within PRSM, instead of using ASDM or the ASA CLI. However, PRSM has some
limitations when configuring the ASA service policy; see the ASA CX user guide for more information.
Prerequisites
If you enable the authentication proxy on the ASA using this procedure, be sure to also configure a
directory realm for authentication on the ASA CX module. See the ASA CX user guide for more
information.
If you have an active service policy redirecting traffic to an IPS module (that you replaced with the
ASA CX), you must remove that policy before you configure the ASA CX service policy.
Be sure to configure both the ASA policy and the ASA CX to have matching modes: both in
monitor-only mode, or both in normal inline mode.
In multiple context mode, perform this procedure within each security context.