SIMULATION
Your task is to configure the ASA to forward the appropriate traffic to the CX module for processing.
Answer: See the explanation
Explanation:
We need to create a policy map named inside-policy and send the traffic to the CXSC blade:
ASA-FW# config t
ASA-FW(config)# policy-map inside-policy
ASA-FW(config-pmap)# policy-map inside-policy
ASA-FW(config-pmap)# class class-default
ASA-FW(config-pmap-c)# cxsc fail-close auth-proxy
ASA-FW(config-pmap-c)# exit
ASA-FW(config-pmap)# exit
The fail-close is needed as per instructions that if the CX module fails, no traffic should be allowed. The
auth-proxy keyword is needed for active authentication.
Next, we need to apply this policy map to the inside interface:
ASA-FW(config)#service-policy inside-policy interface inside.Finally, verify that the policy is active:
ASA-FW# show service-policy interface inside
Interface inside:
Service-policy: inside-policy
Class-map: class-default
Default Queueing CXSC: card status Up, mode fail-close, auth-proxy enabled
Packet input 181, packet output 183, drop 0, reset-drop 0, proxied 0
Configuration guidelines can be found at this reference link:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/mo
dules_cx.pdf