Lab Simulation
Correct Answer:
Explanation/Reference:
Answer:
Review the explanation part for full solution.
We need to create a policy map named inside-policy and send the traffic to the CXSC blade:
ASA-FW# config t
ASA-FW(config)# policy-map inside-policy
ASA-FW(config-pmap)# class class-default
ASA-FW(config-pmap-c)# cxsc fail-close auth-proxy
ASA-FW(config-pmap-c)# exit
ASA-FW(config-pmap)# exit
The fail-close keyword is needed because the instructions require that no traffic be allowed if the CX module fails. The auth-proxy keyword is needed for active authentication. Next, we need to apply this policy map to the inside interface:
ASA-FW(config)# service-policy inside-policy interface inside
Finally, verify that the policy is active:
ASA-FW# show service-policy interface inside
Interface inside:
Service-policy: inside-policy
Class-map: class-default
Default Queueing
CXSC: card status Up, mode fail-close, auth-proxy enabled
Packet input 181, packet output 183, drop 0, reset-drop 0, proxied 0
Configuration guidelines can be found at this reference link: http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/modules_cx.pdf
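As an added example (not part of the original lab answer), the following Python code audits a saved ASA running-config for the two settings this lab requires: every applied service policy should redirect to CXSC in fail-close mode with auth-proxy. The sample config, the dmz-policy map in it, and the function names parse_cxsc and audit are constructed for illustration.

```python
import re

# Constructed sample running-config (not from a real device). The dmz-policy
# map is a hypothetical second policy added to show a failing case.
SAMPLE_CONFIG = """\
policy-map inside-policy
 class class-default
  cxsc fail-close auth-proxy
policy-map dmz-policy
 class class-default
  cxsc fail-open
!
service-policy inside-policy interface inside
service-policy dmz-policy interface dmz
"""

def parse_cxsc(config):
    """Map each policy-map name to its (class, mode, auth_proxy) cxsc rules."""
    maps, pmap, cls = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            # Any top-level line closes the previous policy-map block.
            m = re.match(r"policy-map (\S+)$", line)
            pmap, cls = (m.group(1) if m else None), None
            if pmap:
                maps.setdefault(pmap, [])
        elif pmap and line.startswith("class "):
            cls = line.split()[1]
        elif pmap and cls and (m := re.match(r"cxsc (fail-close|fail-open)(.*)$", line)):
            maps[pmap].append((cls, m.group(1), "auth-proxy" in m.group(2).split()))
    return maps

def audit(config):
    """Return {interface_or_global: [issues]} for every applied service-policy."""
    maps, findings = parse_cxsc(config), {}
    applied = re.finditer(r"^service-policy (\S+) (global|interface (\S+))\s*$", config, re.M)
    for m in applied:
        issues = []
        rules = maps.get(m.group(1), [])
        if not rules:
            issues.append("no cxsc redirection")
        for cls, mode, auth in rules:
            if mode != "fail-close":
                issues.append(f"{cls}: {mode} lets traffic pass if the CX module fails")
            if not auth:
                issues.append(f"{cls}: auth-proxy missing")
        findings[m.group(3) or "global"] = issues
    return findings
```

Calling audit(SAMPLE_CONFIG) returns an empty issue list for the inside interface and two issues for the constructed dmz interface.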