03-24-2014 08:30 PM - edited 03-11-2019 08:59 PM
I had implement ASA CX on transparent mode, at first on stateful the traffic looks well but after I had redirect the traffic to the cxsc module via Inspection rule, the traffic can't access to the internet
ASA version : 9.1.3
PRSM version : 9.2.1.2
mode : transparent
Interface
BVI1 : Enable
gi0/0 : outside, enable, security level 0, group BVI 1
gi0/1 : inside, enable, security level 100, group BVI 1
policy : Source : Any ==> Destination : Any ==> Service : IP (ASDM), any (PRSM)==> Action : Allow ( On both ASDM and PRSM )
03-25-2014 04:23 AM
Please share your ASA inspection conifguration .
and sh module CX detail output.
03-25-2014 11:59 PM
Hi vishaw1986
the output of the command is
Card Type: ASA CX5525 Security Appliance
Model: ASA CX5525
Hardware version: N/A
Serial Number: FCH180570M8
Firmware version: N/A
Software version: 9.2.1.2
MAC Address Range: 18e7.28b6.1f8d to 18e7.28b6.1f8d
App. name: ASA CX
App. Status: Up
App. Status Desc: Normal Operation
App. version: 9.2.1.2
Data Plane Status: Up
Status: Up
Mgmt IP addr: 10.10.50.192
Mgmt Network mask: 255.255.255.0
Mgmt Gateway: 10.10.50.254
Mgmt web ports: 443
Mgmt TLS enabled: true
and I have attach the inspection policy and the running config
Regards,
S. Tinnakorn
03-26-2014 03:51 AM
Hello ,
Thanks for sharing the information.
Your configuration seems ok
can you please try this.
access-list 101 extended permit ip any any
class-map CX
match access-list 101
policy-map CX
class CX
cxsc fail-open
service-policy CX interface outside
Just creat a seperate policy map for CX
Thanks
03-26-2014 07:43 PM
Hi Vishaw1986,
Thank you for help, I will try to put this configuration and will inform the result ASAP.
Regards,
S. Tinnakorn
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide