Cisco Systems ASA Services Module Webcam User Manual


 
30-34
Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 30 Configuring the ASA CX Module
Feature History for the ASA CX Module
Monitor-only mode for demonstration
purposes
ASA 9.1(2)
ASA CX 9.1(2)
For demonstration purposes only, you can enable
monitor-only mode for the service policy, which forwards a
copy of traffic to the ASA CX module, while the original
traffic remains unaffected.
Another option for demonstration purposes is to configure a
traffic-forwarding interface instead of a service policy in
monitor-only mode. The traffic-forwarding interface sends
all traffic directly to the ASA CX module, bypassing the
ASA.
We modified the following screen: Configuration > Firewall
> Service Policy Rules > Add Service Policy Rule > Rule
Actions > ASA CX Inspection.
The traffic-forwarding feature is supported by CLI only.
NAT 64 support for the ASA CX module ASA 9.1(2)
ASA CX 9.1(2)
You can now use NAT 64 in conjunction with the ASA CX
module.
We did not modify any screens.
ASA 5585-X with SSP-40 and -60 support for
the ASA CX SSP-40 and -60
ASA 9.1(3)
ASA CX 9.2(1)
ASA CX SSP-40 and -60 modules can be used with the
matching level ASA 5585-X with SSP-40 and -60.
We did not modify any screens.
Multiple context mode support for the ASA
CX module
ASA 9.1(3)
ASA CX 9.2(1)
You can now configure ASA CX service policies per
context on the ASA.
Note Although you can configure per context ASA
service policies, the ASA CX module itself
(configured in PRSM) is a single context mode
device; the context-specific traffic coming from the
ASA is checked against the common ASA CX
policy.
We did not modify any screens.
Filtering packets captured on the ASA CX
backplane
ASA 9.1(3)
ASA CX 9.2(1)
You can now filter packets captured on the ASA CX
backplane using the match or access-list keyword with the
capture interface asa_dataplane command.
Control traffic specific to the ASA CX module is not
affected by the access-list or match filtering; the ASA
captures all control traffic.
In multiple context mode, configure the packet capture per
context. Note that all control traffic in multiple context
mode goes only to the system execution space. Because
control traffic cannot be filtered using an access-list or
match, these options are not available in the system
execution space.
We did not modify any ASDM screens.
Table 30-2 Feature History for the ASA CX Module (continued)
Feature Name
Platform
Releases Feature Information