59-6
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter59 Configuring the ASA CX Module
Configuring the ASA CX Module
Task Flow for the ASA CX Module
Configuring the ASA CX module is a process that includes configuration of the ASA CX security policy
on the ASA CX module and then configuration of the ASA to send traffic to the ASA CX module. To
configure the ASA CX module, perform the following steps:
Step1 Cable the ASA and ASA CX management interfaces and optionally, the console interface. See the
“Connecting Management Interface Cables” section on page 59-6.
Step2 (Optional) On the ASA, configure the ASA CX module management IP address for initial SSH access.
See the “Configuring the ASA CX Management IP Address” section on page59-7.
Step3 On the ASA CX module, configure basic settings. See the “Configuring Basic ASA CX Settings at the
ASA CX CLI” section on page 59-7.
Step4 On the ASA CX module, configure the security policy using PRSM. See the “Configuring the Security
Policy on the ASA CX Module Using PRSM” section on page59-9.
Step5 (Optional) On the ASA, configure the authentication proxy port. See the “(Optional) Configuring the
Authentication Proxy Port” section on page59-10.
Step6 On the ASA, identify traffic to divert to the ASA CX module. See the “Redirecting Traffic to the ASA
CX Module” section on page 59-11.
Note When using PRSM in multiple device mode, you can configure the ASA policy for sending
traffic to the ASA CX module within PRSM, instead of using ASDM or the ASA CLI. However,
PRSM has some limitations when configuring the ASA service policy; see the ASA CX user
guide for more information.
Connecting Management Interface Cables
Connect the management PC to the ASA and the ASA CX module management interfaces, as well as to
the ASA CX console port.
Guidelines
For initial setup, you can connect with SSH to the ASA CX Management 1/0 interface using the default
IP address (192.168.8.8/24). If you cannot use the default IP address, you can either use the console port
or use ASDM to change the management IP address so you can use SSH.
Detailed Steps
Connect to the ASA Management 0/0 interface and the ASA CX Management 1/0 interface.