Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1683
Views
5
Helpful
12
Replies

ASA cx not working with traffic redirection

Go to solution
networksolution.mann
Level 1
Level 1

‎09-23-2015 05:47 AM - edited ‎03-11-2019 11:38 PM

Hi all,

 

I am facing an issue with asa cx feature where asa is having all traffice set but there is no traffic coming to asa cx.traffic is only visible in case of monitor only mode.please tell me :

1.How to redirect all traffic from asa to asa cx.

2.How to add all inside envoirment working clients in asa cx for checking there details in place of ip address.

 

 

NOTE : I am working through PRSM NOT THROUGH CLI.

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rishabh Seth
Level 7
Level 7

‎09-24-2015 12:18 AM

Hi,

 

If the traffic is visible on CX in the monitor only mode then, your redirection policy are correct.

Only change you need make is that on ASA ensure you do not have monitor-only in your policy-map.

 

For monitor only:

policy-map CX

class CX
  cxsc fail-close monitor-only

 

 

For inline:

policy-map CX

class CX
  cxsc fail-close

 

Also on CX GUI turn off the monitor-only mode:

Navigate: Configurations> monitor-only  and turn off the monitor-only mode.

 

Hope it helps!!!

Thanks,

R.Seth

Don't forget to mark the answer as correct if it helps in resolving your query!!!

 

 

 

View solution in original post

Go to solution
Rishabh Seth
Level 7
Level 7
In response to networksolution.mann

‎09-24-2015 09:59 AM

I glad to hear that provided solution helped you.

To me the errors look like related to http server on cx. You may try a different browser. Or if it is possible you can try restarting CX module and check. Also esure you are at latest version, so that you can be sure that you are not hitting any existing defect.

Do share your findings.

Thanks,

R.Seth

View solution in original post

0 Helpful
12 Replies 12

Go to solution
Rishabh Seth
Level 7
Level 7

‎09-24-2015 12:18 AM

Hi,

 

If the traffic is visible on CX in the monitor only mode then, your redirection policy are correct.

Only change you need make is that on ASA ensure you do not have monitor-only in your policy-map.

 

For monitor only:

policy-map CX

class CX
  cxsc fail-close monitor-only

 

 

For inline:

policy-map CX

class CX
  cxsc fail-close

 

Also on CX GUI turn off the monitor-only mode:

Navigate: Configurations> monitor-only  and turn off the monitor-only mode.

 

Hope it helps!!!

Thanks,

R.Seth

Don't forget to mark the answer as correct if it helps in resolving your query!!!

 

 

 

Go to solution
networksolution.mann
Level 1
Level 1
In response to Rishabh Seth

‎09-24-2015 12:18 AM

Hi resseth,

 

 

Thanx for this amazing information but if i off the monitor-only  mode then cx is not showing any running traffic in it.

So according to you i need to check asa via cli mode for running  config for nat should with policy-map ?

 

 

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7
In response to networksolution.mann

‎09-24-2015 12:38 AM

 

Yes, only change you need make is that on ASA ensure you do not have monitor-only in your policy-map.

 

Even then if you have issues let us know.

 

Hope it helps!!!

Thanks,

R.Seth

Don't forget to mark the answer as correct if it helps in resolving your query!!!

0 Helpful

Go to solution
networksolution.mann
Level 1
Level 1
In response to Rishabh Seth

‎09-24-2015 07:39 AM

HI R.SETH,

 

 

I wanna say thanx to you for help this is a issue which were stuck for many days.

ASA cx is working but when inam going to generate report or ceating policies followed Attched errors has been displayed.

 

So i am not able to make any further towards asa cx.

 

Could you please help me with that too ?

 

Preview file
35 KB
Preview file
67 KB
0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7
In response to networksolution.mann

‎09-24-2015 09:59 AM

I glad to hear that provided solution helped you.

To me the errors look like related to http server on cx. You may try a different browser. Or if it is possible you can try restarting CX module and check. Also esure you are at latest version, so that you can be sure that you are not hitting any existing defect.

Do share your findings.

Thanks,

R.Seth

0 Helpful

Go to solution
networksolution.mann
Level 1
Level 1
In response to Rishabh Seth

‎09-25-2015 01:30 AM

Hi R.seth,

My issue for for those error messages has been resolved just by changing browser to chrome and now its working fine.

I dnt know how should i say thanks to you cause its not enough.

you are amazing and you save the day.

0 Helpful

Go to solution
networksolution.mann
Level 1
Level 1
In response to networksolution.mann

‎09-25-2015 01:42 AM

Need to ask one more thing how to add all local users data in CX that it would be easy to identify users according to there names.we are not using server for all the users.its only for half of the users other ones uses the laptop.so they are not included and not using domain.

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7
In response to networksolution.mann

‎09-25-2015 02:18 AM

Are you talking about users for accessing CX GUI or users for  creating user based policies for pass through traffic?

 

Thanks,

R.Seth

0 Helpful

Go to solution
networksolution.mann
Level 1
Level 1
In response to Rishabh Seth

‎09-25-2015 02:23 AM

Seth,

I am talking about users which are shown in traffic or bandwidth usage.

 

In case  for checking which user uses what.

0 Helpful

Go to solution
Rishabh Seth
Level 7
Level 7
In response to networksolution.mann

‎09-25-2015 02:39 AM

On CX the only way to get user IP mapping is to use a CDA or AD agent. 

So you can integrate CX with AD server or CDA.

 

I hope this answers your query.

 

Thanks,

R.Seth

0 Helpful

Go to solution
networksolution.mann
Level 1
Level 1
In response to Rishabh Seth

‎09-25-2015 02:41 AM

could you tell me this process step by step which i can easily follow and perform.

and where i can find CDA in cx

0 Helpful

Go to solution
networksolution.mann
Level 1
Level 1
In response to networksolution.mann

‎09-27-2015 10:07 PM

HI R.seth,

 

I am still waiting for yur reply regarding the last mail.

 

One more thing i have not block any service like online banking can you tell me why i am getting this type of msgs.

Preview file
82 KB
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card