Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Redirecting traffic to cx on ASA

Can anyone please help on this? I am trying to enable policy on ASA in order to redirect traffic from a computer to cx for enabling restricted internet browsing/url filtering on that computer. But as soon as I enable the rule, the Intenret on that computer just stops working at all.

Screenshots are attached showing ASA asdm configuration.

Please help. Thanks.

Hall of Fame Super Silver

Re: Redirecting traffic to cx on ASA

I've always applied the ASA's service policy for CX inspection to a specific interface as opposed to making it a global policy. Something like this in the config for inspecting http on all hosts (modify the access-list to match your desired redirection):

access-list ASACX permit tcp any any eq port 80

class-map ASACX-CM

match access-list ASACX

policy-map ASACX-PM

class ASACX-CM

cscx failed-open auth-proxy

service-policy ASACX-PM interface outside

Have you configured any policies on the CX itself (using PRSM)?

New Member

Redirecting traffic to cx on ASA

Thanks Marvin for the important useful help. Surprisingly, ASA started redirecting traffic to CX by just refreshing event manager in the CX.

To answer your question, yes I have made policies on CX but not usring PRSM. At the moment I am working directly on CX. Thanks.

Hall of Fame Super Silver

Redirecting traffic to cx on ASA

You're welcome. Glad it's working for you.

By the way - it's all PRSM. Just on-box ("directly on CX") or off-box (PRSM in a VM, able to manage multiple CX modules (and more capabilities in the pipeline)).