30-22
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 30 Configuring the ASA CX Module
Configuring the ASA CX Module
Configuring Traffic-Forwarding Interfaces (Monitor-Only Mode)
This section configures traffic-forwarding interfaces, where all traffic is forwarded directly to the ASA
CX module. This method is for demonstration purposes only. For a normal ASA CX service policy, see
the “Creating the ASA CX Service Policy” section on page 30-19.
For more information see the “Monitor-Only Mode” section on page 30-3. See also the “Guidelines and
Limitations” section on page 30-6 for guidelines and limitations specific to traffic-forwarding interfaces.
You can only configure this feature at the CLI; you can use the Command Line Interface tool.
Prerequisites
• Be sure to configure both the ASA policy and the ASA CX to have matching modes: both in
monitor-only.
• In multiple context mode, perform this procedure within each security context.
Detailed Steps
Step 1 Choose Tools > Command Line Interface.
Step 2 Click the Multiple Line radio button.
Step 3 Enter the following commands:
Step 4 Repeat for any additional interfaces.
Step 5 Click Send.
Command Purpose
Step 1
interface physical_interface
Example:
ciscoasa(config)# interface
gigabitethernet 0/5
Enters interface configuration mode for the physical interface you
want to use for traffic-forwarding.
Step 2
no nameif
Example:
ciscoasa(config-ifc)# no nameif
Removes any name configured for the interface. If this interface
was used in any ASA configuration, that configuration is
removed. You cannot configure traffic-forwarding on a named
interface.
Step 3
traffic-forward cxsc monitor-only
Example:
ciscoasa(config-ifc)# traffic-forward cxsc
monitor-only
Enables traffic-forwarding. You see a warning similar to the
following:
WARNING: This configuration is purely for demo of CX
functionality and shouldn't be used on a production ASA
and any issues found when mixing demo feature with
production ASA is not supported.
Step 4
no shutdown
Example:
ciscoasa(config-ifc)# no shutdown
Enables the interface.