Support User Manuals

Cisco Systems ASA 5555-X Network Router User Manual

Open as PDF

of 712

30-28

Cisco ASA Series Firewall CLI Configuration Guide

Chapter 30 Configuring the ASA CX Module

Monitoring the ASA CX Module

Examples

The following is sample output from the show asp table classify domain cxsc command:

ciscoasa# show asp table classify domain cxsc

Input Table

in id=0x7ffedb4acf40, priority=50, domain=cxsc, deny=false

hits=15485658, user_data=0x7ffedb4ac840, cs_id=0x0, use_real_addr, flags=0x0,

protocol=0

src ip/id=0.0.0.0, mask=0.0.0.0, port=0

dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

input_ifc=outside, output_ifc=any

in id=0x7ffedb4ad4a0, priority=50, domain=cxsc, deny=false

hits=992053, user_data=0x7ffedb4ac840, cs_id=0x0, use_real_addr, flags=0x0, protocol=0

src ip/id=0.0.0.0, mask=0.0.0.0, port=0

dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

input_ifc=inside, output_ifc=any

in id=0x7ffedb4ada00, priority=50, domain=cxsc, deny=false

hits=0, user_data=0x7ffedb4ac840, cs_id=0x0, use_real_addr, flags=0x0, protocol=0

src ip/id=0.0.0.0, mask=0.0.0.0, port=0

dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

input_ifc=m, output_ifc=any

Output Table:

L2 - Output Table:

L2 - Input Table:

Last clearing of hits counters: Never

The following is sample output from the show asp table classify domain cxsc-auth-proxy command.

For the first rule in the output, the destination “port=2000” is the auth-proxy port configured by the cxsc

auth-proxy port 2000 command, and the destination “ip/id=192.168.0.100” is the ASA interface IP

address.

ciscoasa# show asp table classify domain cxsc-auth-proxy

Input Table

in id=0x7ffed86cc470, priority=121, domain=cxsc-auth-proxy, deny=false

hits=0, user_data=0x7ffed86ca220, cs_id=0x0, flags=0x0, protocol=6

src ip/id=0.0.0.0, mask=0.0.0.0, port=0

dst ip/id=192.168.0.100, mask=255.255.255.255, port=2000, dscp=0x0

input_ifc=inside, output_ifc=identity

in id=0x7ffed86cce20, priority=121, domain=cxsc-auth-proxy, deny=false

hits=0, user_data=0x7ffed86ca220, cs_id=0x0, flags=0x0, protocol=6

src ip/id=0.0.0.0, mask=0.0.0.0, port=0

dst ip/id=2.2.2.2, mask=255.255.255.255, port=2000, dscp=0x0

input_ifc=new2, output_ifc=identity

in id=0x7ffed86cd7d0, priority=121, domain=cxsc-auth-proxy, deny=false

hits=0, user_data=0x7ffed86ca220, cs_id=0x0, flags=0x0, protocol=6

src ip/id=0.0.0.0, mask=0.0.0.0, port=0

show asp event dp-cp cxsc-msg

This output shows how many ASA CX module messages are on the dp-cp

queue. Currently, only VPN queries from the ASA CX module are sent to

dp-cp.

show conn

This command already shows if a connection is being forwarded to a

module by displaying the ‘X - inspected by service module’ flag.

Connections being forwarded to the ASA CX module will also display the

‘X’ flag.

Command Purpose

previous next