Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
829
Views
0
Helpful
3
Replies

CX Policy Problems

Go to solution
danimalrambo
Level 1
Level 1

‎12-19-2013 11:31 AM - edited ‎03-11-2019 08:20 PM

Hello,

I am in the process of implementing content filtering on the ASA CX module. I have a lot of problems unfortunetly and I have TAC and my account team engaged but I also want to reach out to the community and see who else is using CX and what their experiences have been.

For the sake of this post I will pose the follwoing question:

I have a "working" policy that is atleast  taking appropriate action and filtering some of the users I specified filtering for in an identity object that is an AD group. This group is my test group and my AD account is a member of that group. Filtering worked for me 100% the time until a code upgrade to 9.2.1.1-48. No I am ot filtered and the events associated for my user show an implicit allow policy. I can't find this implicit allow policy but I assume this is a the default policy. It doesn't seem like the CX module has any problem identifying my user ID but maybe it doesn't see me as a group memeber or maybe my identity object has been currupted. I just setup and got my hands on this product so I'm a bit out of my element. I have high hopes for using this product but I need to prove it can actually work first!

Anyone have any suggestions or experiences with CX they would like to share?

Regards,

-Dan   

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎12-23-2013 12:51 PM

Dan-

Are you using ADA or CDA for AD auth? Did you try the policy with just your username to see if it is an AD group lookup issue? I've noticed some quirks in the 9.2 upgrade. Rebuilding the policy from scratch has almost always fixed any issue I have run into.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Collin Clark
VIP Alumni
VIP Alumni

‎12-23-2013 12:51 PM

Dan-

Are you using ADA or CDA for AD auth? Did you try the policy with just your username to see if it is an AD group lookup issue? I've noticed some quirks in the 9.2 upgrade. Rebuilding the policy from scratch has almost always fixed any issue I have run into.

0 Helpful

Go to solution
danimalrambo
Level 1
Level 1
In response to Collin Clark

‎12-23-2013 07:16 PM

Thanks for the reply Collin,

I did fix this issue a few days ago by blowing away and re-configuring the rule. I use the ADA for AD auth and I have not seen any problems with CX identifying users.

Collin, do you use the CX in a large production environment? How long have you been using it to filter content? Would love to chat with you a bit out of band if you have time let me know.

Regards,

-Dan

0 Helpful

Go to solution
Collin Clark
VIP Alumni
VIP Alumni
In response to danimalrambo

‎12-23-2013 07:20 PM

I've deployed CX for a couple of schools and a state agency (and in my lab). Feel free to shoot me an email at the address in my profile.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card