Hello ,Thanks for sharing the

Sahaswetch Tinnakorn · ‎03-24-2014

I had implement ASA CX on transparent mode, at first on stateful the traffic looks well but after I had redirect the traffic to the cxsc module via Inspection rule, the traffic can't access to the internet

ASA version : 9.1.3

PRSM version : 9.2.1.2

mode : transparent

Interface

BVI1 : Enable

gi0/0 : outside, enable, security level 0, group BVI 1

gi0/1 : inside, enable, security level 100, group BVI 1

policy : Source : Any ==> Destination : Any ==> Service : IP (ASDM), any (PRSM)==> Action : Allow ( On both ASDM and PRSM )

vishaw jasrotia · ‎03-25-2014

Please share your ASA inspection conifguration .

and sh module CX detail output.

Sahaswetch Tinnakorn · ‎03-25-2014

Hi vishaw1986

the output of the command is

Card Type:          ASA CX5525 Security Appliance
Model:              ASA CX5525
Hardware version:   N/A
Serial Number:      FCH180570M8
Firmware version:   N/A
Software version:   9.2.1.2
MAC Address Range: 18e7.28b6.1f8d to 18e7.28b6.1f8d
App. name:          ASA CX
App. Status:        Up
App. Status Desc:   Normal Operation
App. version:       9.2.1.2
Data Plane Status: Up
Status:             Up
Mgmt IP addr:       10.10.50.192
Mgmt Network mask: 255.255.255.0
Mgmt Gateway:       10.10.50.254
Mgmt web ports:     443
Mgmt TLS enabled:   true

and I have attach the inspection policy and the running config

Regards,

S. Tinnakorn

vishaw jasrotia · ‎03-26-2014

Hello ,

Thanks for sharing the information.

Your configuration seems ok

can you please try this.

access-list 101 extended permit ip any any

class-map CX
match access-list 101

policy-map CX
class CX
cxsc fail-open

service-policy CX interface outside

Just creat a seperate policy map for CX

Thanks

Sahaswetch Tinnakorn · ‎03-26-2014

Hi Vishaw1986,

Thank you for help, I will try to put this configuration and will inform the result ASAP.

Regards,

S. Tinnakorn

Cannot access internet throught ASA CX transparent mode