08-01-2014 11:36 PM - edited 02-21-2020 05:15 AM
Hello Support,
I have installed ASA CX boot image and Software image on my ASA 5515-X. Now having 3 issues :
1 ) I used :
asa# session cxsc console
to login to CX. But how come I will get back to my ASA console back..?
2) I have subinterface (w.r.t VLANs on 0/1 followed with unmanaged network) and WAN link which was working fine, when I installed CX image I lost my internal network as well as Internet too. Why is it so..?
3) And is there any step by step guide to configure Web-Filter & IPS on ASA-CX.....
Regards,
Ninad Thakare
08-02-2014 08:29 PM
Ninda,
Please see the CX Module Quick Start Guide. That's for initial system setup.
Once you have access via PRSM, you can build and setup policies as described in the User Guide (specifically see the section of "The Basics, Managing Policy")
(properly) Installing the CX module software should not, by itself, affect in any way your base ASA operations or traffic flow. It's only when you redirect traffic (via a service policy) that you have the potential to affect traffic flow.
08-03-2014 10:54 AM
Marvin,
Ok. But how come I will get to ASA CLI.
I'm stuck on ASACX CLI mode. Not able to got to ASA CLI.
Whats, the way to it...?
08-03-2014 11:13 AM
If you are in asacx cli (having entered from the ASA cli using the "session cxsc console" command), then a simple "exit" should return you to the ASA cli.
08-03-2014 08:18 PM
08-03-2014 09:09 PM
It sounds like you are logging into the CX management IP address and not the ASA management IP address. Perhaps you assigned it the same address as your ASA originally had? When you log into the CX cli directly, you cannot change into the ASA cli from it.
Note in the document I linked above that it directs you to assign a unique address to the CX management interface. It shares the physical M0/0 interface of the ASA.
The ASA itself does not necessarily have an address assigned to M0/0 (as it can be managed from any permitted interface address) but, if it does, it must be different than the one used by the CX module.
08-03-2014 11:56 PM
I am not using any IP to connect. I am using COM port to take console.
Where I m not even able to connect via SSH to ASA even though I have allowed it because my ASA is not accepting any username to it.
So, once in all, I lost all my ways to access ASA CLI.
08-04-2014 05:45 AM
I have never seen this behavior. I can only imagine some error during the CX module installation that overwrote your ASA configuration.
Since the ASA is no longer functioning correctly, I suggest your reboot while connected to the console and watch to see what image is being loaded. You may need to break in rommon and re-establish the ASA software as the primary booted image.
A TAC case is probably in order.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: