Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Cannot access internet throught ASA CX transparent mode

I had implement ASA CX on transparent mode, at first on stateful the traffic looks well but after I had redirect the traffic to the cxsc module via Inspection rule, the traffic can't access to the internet

 

ASA version : 9.1.3

PRSM version : 9.2.1.2

mode : transparent

 

Interface

BVI1 : Enable

gi0/0 : outside, enable, security level 0, group BVI 1

gi0/1 : inside, enable, security level 100, group BVI 1

 

policy : Source : Any ==> Destination : Any ==> Service : IP (ASDM), any (PRSM)==> Action : Allow ( On both ASDM and PRSM )

 

 

 

 

 


 

4 REPLIES
New Member

Please share your ASA

Please share your ASA inspection conifguration .

and sh module CX detail output.

Hi vishaw1986the output of

Hi vishaw1986

the output of the command is

 

Card Type:          ASA CX5525 Security Appliance
Model:              ASA CX5525
Hardware version:   N/A
Serial Number:      FCH180570M8
Firmware version:   N/A
Software version:   9.2.1.2
MAC Address Range:  18e7.28b6.1f8d to 18e7.28b6.1f8d
App. name:          ASA CX
App. Status:        Up
App. Status Desc:   Normal Operation
App. version:       9.2.1.2
Data Plane Status:  Up
Status:             Up
Mgmt IP addr:       10.10.50.192
Mgmt Network mask:  255.255.255.0
Mgmt Gateway:       10.10.50.254
Mgmt web ports:     443
Mgmt TLS enabled:   true


and I have attach the inspection policy and the running config

Regards,

S. Tinnakorn

New Member

Hello ,Thanks for sharing the

Hello ,

Thanks for sharing the information.

Your configuration seems ok

can you please try this.

 

access-list 101 extended permit ip any any

class-map CX
 match access-list 101

policy-map CX
 class CX
 cxsc fail-open

service-policy  CX interface outside

 

Just creat a seperate policy map for CX

 

Thanks

 

Hi Vishaw1986,Thank you for

Hi Vishaw1986,

Thank you for help, I will try to put this configuration and will inform the result ASAP.

 

Regards,

S. Tinnakorn

132
Views
0
Helpful
4
Replies