Redirecting traffic to cx on ASA

sqambera · ‎11-06-2013

Can anyone please help on this? I am trying to enable policy on ASA in order to redirect traffic from a computer to cx for enabling restricted internet browsing/url filtering on that computer. But as soon as I enable the rule, the Intenret on that computer just stops working at all.

Screenshots are attached showing ASA asdm configuration.

Please help. Thanks.

Marvin Rhoads · ‎11-08-2013

I've always applied the ASA's service policy for CX inspection to a specific interface as opposed to making it a global policy. Something like this in the config for inspecting http on all hosts (modify the access-list to match your desired redirection):

access-list ASACX permit tcp any any eq port 80

class-map ASACX-CM

match access-list ASACX

policy-map ASACX-PM

class ASACX-CM

cscx failed-open auth-proxy

service-policy ASACX-PM interface outside

Have you configured any policies on the CX itself (using PRSM)?

sqambera · ‎11-10-2013

Thanks Marvin for the important useful help. Surprisingly, ASA started redirecting traffic to CX by just refreshing event manager in the CX.

To answer your question, yes I have made policies on CX but not usring PRSM. At the moment I am working directly on CX. Thanks.

Marvin Rhoads · ‎11-10-2013

You're welcome. Glad it's working for you.

By the way - it's all PRSM. Just on-box ("directly on CX") or off-box (PRSM in a VM, able to manage multiple CX modules (and more capabilities in the pipeline)).