ASA CX console & Web Filter

Ninad Thakare · ‎08-01-2014

Hello Support,

I have installed ASA CX boot image and Software image on my ASA 5515-X. Now having 3 issues :

1 ) I used :

asa# session cxsc console

to login to CX. But how come I will get back to my ASA console back..?

2) I have subinterface (w.r.t VLANs on 0/1 followed with unmanaged network) and WAN link which was working fine, when I installed CX image I lost my internal network as well as Internet too. Why is it so..?

3) And is there any step by step guide to configure Web-Filter & IPS on ASA-CX.....

Regards,

Ninad Thakare

Marvin Rhoads · ‎08-02-2014

Ninda,

Please see the CX Module Quick Start Guide. That's for initial system setup.

Once you have access via PRSM, you can build and setup policies as described in the User Guide (specifically see the section of "The Basics, Managing Policy")

(properly) Installing the CX module software should not, by itself, affect in any way your base ASA operations or traffic flow. It's only when you redirect traffic (via a service policy) that you have the potential to affect traffic flow.

Ninad Thakare · ‎08-03-2014

Marvin,

Ok. But how come I will get to ASA CLI.

I'm stuck on ASACX CLI mode. Not able to got to ASA CLI.

Whats, the way to it...?

Marvin Rhoads · ‎08-03-2014

If you are in asacx cli (having entered from the ASA cli using the "session cxsc console" command), then a simple "exit" should return you to the ASA cli.

Ninad Thakare · ‎08-03-2014

Yes I m entered from ASA cli, and by using 'exit' command. I am just closing my putty session. And when I try to take console again, it displays asacx login/password, but not the asa login....

Marvin Rhoads · ‎08-03-2014

It sounds like you are logging into the CX management IP address and not the ASA management IP address. Perhaps you assigned it the same address as your ASA originally had? When you log into the CX cli directly, you cannot change into the ASA cli from it.

Note in the document I linked above that it directs you to assign a unique address to the CX management interface. It shares the physical M0/0 interface of the ASA.

The ASA itself does not necessarily have an address assigned to M0/0 (as it can be managed from any permitted interface address) but, if it does, it must be different than the one used by the CX module.

Ninad Thakare · ‎08-03-2014

I am not using any IP to connect. I am using COM port to take console.

Where I m not even able to connect via SSH to ASA even though I have allowed it because my ASA is not accepting any username to it.

So, once in all, I lost all my ways to access ASA CLI.

Marvin Rhoads · ‎08-04-2014

I have never seen this behavior. I can only imagine some error during the CX module installation that overwrote your ASA configuration.

Since the ASA is no longer functioning correctly, I suggest your reboot while connected to the console and watch to see what image is being loaded. You may need to break in rommon and re-establish the ASA software as the primary booted image.

A TAC case is probably in order.