Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
533
Views
0
Helpful
1
Replies

What needs to be done to redirect traffic to ASA SFR Module in Inline mode

subrun.jamil
Beginner
Beginner

‎05-15-2018 08:07 PM - edited ‎02-21-2020 07:46 AM

I have my Any Connect VPN and Site to Site VPN Traffic redirected to SFR module while configuring almost similar to below rule. Difference is in my box I have configured the traffic here what I mentioned as XXXX. 

 

ciscoasa(config)# access-list sfr_redirect extended permit ip XXXX XXXX
ciscoasa(config)# class-map sfr
ciscoasa(config-cmap)# match access-list sfr_redirect
ciscoasa(config-pmap-c)# sfr fail-open monitor-only

 

Now I need to configure this as an Inline Mode to start Inspecting the traffic. What are the steps I need to do to accomplish this other than configuring below command 

 

ciscoasa(config-pmap-c)# sfr fail-open

Labels:
0 Helpful
1 Reply 1

Mohammed al Baqari
VIP Advisor VIP Advisor
VIP Advisor

‎05-15-2018 10:17 PM

that is correct. This will start inspecting the traffic assuming that you
have inspection rule is configure in SFR.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents