56-16
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
Configuring Traffic Flow Objects
Related Topics
About Service Policy Rules, page 56-1

ASA CX Auth Proxy Configuration

If you enabled ASA CX authentication proxy—on the CXSC tab during Step 3 of the Insert/Edit Service
Policy (MPC) Rule Wizard; see Step 3. Configure the MPC actions, page56-8—and you want to use a
non-default port for active authentication, use the Add/Edit CXSC Auth Proxy Configuration dialog box
to change the ASA CX Auth Proxy Port number.
If users must be prompted for authentication credentials, the prompting is done through this port.
Note Security Manager uses “CXSC” in some places to refer to an ASA CX Security Services Processor
(SSP).
Navigation Path
Open the Add/Edit CXSC Auth Proxy Configuration dialog box by clicking the CXSC Auth Proxy
button below the rules table on the IPS, QoS, and Connection Rules Page, page 56-5.
Note The CXSC Auth Proxy button is available below the IPS, QoS, and Connection Rules table only in
Device view; it is not visible in Policy view.
Related Topics
IPS, QoS, and Connection Rules Page, page 56-5
Field Reference
Configuring Traffic Flow Objects
Use the Add and Edit Traffic Flow dialog boxes to configure traffic-match definitions. These traffic-flow
definitions correspond to class maps (the class map command) in the IPS, QoS and Connection Rules
service policy for devices running the PIX 7.0+, ASA 7.0+, and FWSM 3.2+ operating systems. For
more information on configuring these rules, see Chapter 56, “Configuring Service Policy Rules on
Firewall Devices”.
Navigation Path
Select Manage > Policy Objects, then select Traf fic F lows from the Object Type selector. Right-click
inside the work area and choose New Object, or right-click a row and choose Edit Object.
Table56-4 Add/Edit CXSC Auth Proxy Configuration Dialog Box
Element Description
CXSC Auth Proxy Port The default authentication proxy TCP port is 885; however, if you
change it, you must enter a port number between 1024 and 65535.