Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 651

    Page 651 CH A P T E R 30-1 Cisco ASA Series Firewall ASDM Configuration Guide 30 Configuring the ASA CX Module This chapter describes how to configure the ASA CX module that runs on the ASA. Information About the ASA CX Module, page 30-1 Licensing Requirements for the ASA CX Module, page 30-6 Guidelines and Limitations, page 30-6 Default Settings, page 30-8 Configuring the ASA CX Module, page 30-8 Managing the ASA CX Module, page 30-23 Monitoring the ASA CX Module, page 30-27 Troubleshooting the ASA CX... 
    CH A P T E R
 
30-1
Cisco ASA Series Firewall ASDM Configuration Guide
 
30
Configuring the ASA CX Module
This chapter describes how to configure the ASA CX module that runs on the ASA.
Information About the ASA CX Module, page 30-1
Licensing Requirements for the ASA CX Module, page 30-6
Guidelines and Limitations, page 30-6
Default Settings, page 30-8
Configuring the ASA CX Module, page 30-8
Managing the ASA CX Module, page 30-23
Monitoring the ASA CX Module, page 30-27
Troubleshooting the ASA CX...

    Page 652

    Page 652 30-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Information About the ASA CX Module How the ASA CX Module Works with the ASA The ASA CX module runs a separate application from the ASA. The ASA CX module includes external management interface(s) so you can connect to the ASA CX module directly. Any data interfaces on the ASA CX module are used for ASA traffic only. Traffic goes through the firewall checks before being forwarded to the ASA CX... 
     
30-2
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Information About the ASA CX Module
How the ASA CX Module Works with the ASA
The ASA CX module runs a separate application from the ASA. The ASA CX module includes external 
management interface(s) so you can connect to the ASA CX module directly. Any data interfaces on the 
ASA CX module are used for ASA traffic only.
Traffic goes through the firewall checks before being forwarded to the ASA CX...

    Page 653

    Page 653 30-3 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Information About the ASA CX Module Monitor-Only Mode For demonstration purposes, you can configure a service policy or a traffic-forwarding interface in monitor-only mode. For guidelines and limitations for monitor-only mode, see the “Guidelines and Limitations” section on page 30-6. Service Policy in Monitor-Only Mode, page 30-3 Traffic-Forwarding Interface in Monitor-Only Mode, page 30-3... 
     
30-3
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Information About the ASA CX Module
Monitor-Only Mode
For demonstration purposes, you can configure a service policy or a traffic-forwarding interface in 
monitor-only mode.
For guidelines and limitations for monitor-only mode, see the “Guidelines and Limitations” section on 
page 30-6.
Service Policy in Monitor-Only Mode, page 30-3
Traffic-Forwarding Interface in Monitor-Only Mode, page 30-3...

    Page 654

    Page 654 30-4 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Information About the ASA CX Module Figure 30-3 ASA CX Traffic-Forwarding Information About ASA CX Management Initial Configuration, page 30-4 Policy Configuration and Management, page 30-5 Initial Configuration For initial configuration, you must use the CLI on the ASA CX module to run the setup command and configure other optional settings. To access the CLI, you can use the following methods:... 
     
30-4
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Information About the ASA CX Module
Figure 30-3 ASA CX Traffic-Forwarding
Information About ASA CX Management
Initial Configuration, page 30-4
Policy Configuration and Management, page 30-5
Initial Configuration
For initial configuration, you must use the CLI on the ASA CX module to run the setup command and 
configure other optional settings.
To access the CLI, you can use the following methods:...

    Page 655

    Page 655 30-5 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Information About the ASA CX Module or ASDM). However, physical characteristics (such as enabling the interface) are configured on the ASA. You can remove the ASA interface configuration (specifically the interface name) to dedicate this interface as an ASA CX-only interface. This interface is management-only. Policy Configuration and Management After you perform initial configuration, configure... 
     
30-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Information About the ASA CX Module
or ASDM). However, physical characteristics (such as enabling the interface) are configured on 
the ASA. You can remove the ASA interface configuration (specifically the interface name) to 
dedicate this interface as an ASA CX-only interface. This interface is management-only.
Policy Configuration and Management
After you perform initial configuration, configure...

    Page 656

    Page 656 30-6 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Licensing Requirements for the ASA CX Module Do not configure ASA inspection on HTTP traffic. Do not configure Cloud Web Security (ScanSafe) inspection. If you configure both the ASA CX action and Cloud Web Security inspection for the same traffic, the ASA only performs the ASA CX action. Other application inspections on the ASA are compatible with the ASA CX module, including the default... 
     
30-6
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Licensing Requirements for the ASA CX Module
Do not configure ASA inspection on HTTP traffic.
Do not configure Cloud Web Security (ScanSafe) inspection. If you configure both the ASA CX 
action and Cloud Web Security inspection for the same traffic, the ASA only performs the ASA CX 
action.
Other application inspections on the ASA are compatible with the ASA CX module, including the 
default...

    Page 657

    Page 657 30-7 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Guidelines and Limitations Firewall Mode Guidelines Supported in routed and transparent firewall mode. Traffic-forwarding interfaces are only supported in transparent mode. Failover Guidelines Does not support failover directly; when the ASA fails over, any existing ASA CX flows are transferred to the new ASA, but the traffic is allowed through the ASA without being inspected by the ASA CX. ASA... 
     
30-7
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Guidelines and Limitations
Firewall Mode Guidelines
Supported in routed and transparent firewall mode. Traffic-forwarding interfaces are only supported in 
transparent mode.
Failover Guidelines
Does not support failover directly; when the ASA fails over, any existing ASA CX flows are transferred 
to the new ASA, but the traffic is allowed through the ASA without being inspected by the ASA CX.
ASA...

    Page 658

    Page 658 30-8 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Default Settings Additional Guidelines and Limitations See the “Compatibility with ASA Features” section on page 30-5. You cannot change the software type installed on the hardware module; if you purchase an ASA CX module, you cannot later install other software on it. Default Settings Table 30-1 lists the default settings for the ASA CX module. Configuring the ASA CX Module This section describes... 
     
30-8
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Default Settings
Additional Guidelines and Limitations
See the “Compatibility with ASA Features” section on page 30-5.
You cannot change the software type installed on the hardware module; if you purchase an ASA CX 
module, you cannot later install other software on it.
Default Settings
Table 30-1 lists the default settings for the ASA CX module.
Configuring the ASA CX Module
This section describes...

    Page 659

    Page 659 30-9 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Configuring the ASA CX Module Step 3(ASA 5585-X) Configure the ASA CX module management IP address for initial SSH access. See the “(ASA 5585-X) Changing the ASA CX Management IP Address” section on page 30-14. Step 4On the ASA CX module, configure basic settings. You must use the CLI to configure these settings. See the “Configuring Basic ASA CX Settings at the ASA CX CLI” section on page... 
     
30-9
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Configuring the ASA CX Module
Step 3(ASA 5585-X) Configure the ASA CX module management IP address for initial SSH access. See the 
“(ASA 5585-X) Changing the ASA CX Management IP Address” section on page 30-14.
Step 4On the ASA CX module, configure basic settings. You must use the CLI to configure these settings. See 
the “Configuring Basic ASA CX Settings at the ASA CX CLI” section on page...

    Page 660

    Page 660 30-10 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 30 Configuring the ASA CX Module Configuring the ASA CX Module If you have an inside router If you have an inside router, you can route between the management network, which can include both the ASA Management 0/0 and ASA CX Management 1/0 interfaces, and the ASA inside network for Internet access. Be sure to also add a route on the ASA to reach the Management network through the inside router. If you do not have an inside... 
     
30-10
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 30      Configuring the ASA CX Module
  Configuring the ASA CX Module
If you have an inside router
If you have an inside router, you can route between the management network, which can include both 
the ASA Management 0/0 and ASA CX Management 1/0 interfaces, and the ASA inside network for 
Internet access. Be sure to also add a route on the ASA to reach the Management network through the 
inside router.
If you do not have an inside...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals