03-24-2014 08:30 PM - edited 03-11-2019 08:59 PM
I had implement ASA CX on transparent mode, at first on stateful the traffic looks well but after I had redirect the traffic to the cxsc module via Inspection rule, the traffic can't access to the internet
ASA version : 9.1.3
PRSM version : 9.2.1.2
mode : transparent
Interface
BVI1 : Enable
gi0/0 : outside, enable, security level 0, group BVI 1
gi0/1 : inside, enable, security level 100, group BVI 1
policy : Source : Any ==> Destination : Any ==> Service : IP (ASDM), any (PRSM)==> Action : Allow ( On both ASDM and PRSM )
03-25-2014 04:23 AM
Please share your ASA inspection conifguration .
and sh module CX detail output.
03-25-2014 11:59 PM
Hi vishaw1986
the output of the command is
Card Type: ASA CX5525 Security Appliance
Model: ASA CX5525
Hardware version: N/A
Serial Number: FCH180570M8
Firmware version: N/A
Software version: 9.2.1.2
MAC Address Range: 18e7.28b6.1f8d to 18e7.28b6.1f8d
App. name: ASA CX
App. Status: Up
App. Status Desc: Normal Operation
App. version: 9.2.1.2
Data Plane Status: Up
Status: Up
Mgmt IP addr: 10.10.50.192
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 10.10.50.254
Mgmt web ports: 443
Mgmt TLS enabled: true
and I have attach the inspection policy and the running config
Regards,
S. Tinnakorn
03-26-2014 03:51 AM
Hello ,
Thanks for sharing the information.
Your configuration seems ok
can you please try this.
access-list 101 extended permit ip any any
class-map CX
match access-list 101
policy-map CX
class CX
cxsc fail-open
service-policy CX interface outside
Just creat a seperate policy map for CX
Thanks
03-26-2014 07:43 PM
Hi Vishaw1986,
Thank you for help, I will try to put this configuration and will inform the result ASAP.
Regards,
S. Tinnakorn
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: