Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Cannot access internet throught ASA CX transparent mode

I had implement ASA CX on transparent mode, at first on stateful the traffic looks well but after I had redirect the traffic to the cxsc module via Inspection rule, the traffic can't access to the internet


ASA version : 9.1.3

PRSM version :

mode : transparent



BVI1 : Enable

gi0/0 : outside, enable, security level 0, group BVI 1

gi0/1 : inside, enable, security level 100, group BVI 1


policy : Source : Any ==> Destination : Any ==> Service : IP (ASDM), any (PRSM)==> Action : Allow ( On both ASDM and PRSM )







New Member

Please share your ASA

Please share your ASA inspection conifguration .

and sh module CX detail output.

Hi vishaw1986the output of

Hi vishaw1986

the output of the command is


Card Type:          ASA CX5525 Security Appliance
Model:              ASA CX5525
Hardware version:   N/A
Serial Number:      FCH180570M8
Firmware version:   N/A
Software version:
MAC Address Range:  18e7.28b6.1f8d to 18e7.28b6.1f8d
App. name:          ASA CX
App. Status:        Up
App. Status Desc:   Normal Operation
App. version:
Data Plane Status:  Up
Status:             Up
Mgmt IP addr:
Mgmt Network mask:
Mgmt Gateway:
Mgmt web ports:     443
Mgmt TLS enabled:   true

and I have attach the inspection policy and the running config


S. Tinnakorn

New Member

Hello ,Thanks for sharing the

Hello ,

Thanks for sharing the information.

Your configuration seems ok

can you please try this.


access-list 101 extended permit ip any any

class-map CX
 match access-list 101

policy-map CX
 class CX
 cxsc fail-open

service-policy  CX interface outside


Just creat a seperate policy map for CX




Hi Vishaw1986,Thank you for

Hi Vishaw1986,

Thank you for help, I will try to put this configuration and will inform the result ASAP.



S. Tinnakorn