Filter
Top Products
56-9
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 56 Configuring Service Policy Rules on Firewall Devices
IPS, QoS, and Connection Rules Page
CXSC tab
Note Security Manager uses “CXSC” in places to refer to an ASA CX Security Services Processor
(SSP).
Enable CXSC For This
Traffic
Check this box to enable redirection of this traffic flow to an ASA CX
installed in the ASA. When this box is checked, the other parameters
on this panel are available.
Note These parameters are applicable only on ASA 5585 devices
running version 8.4.(4)+ that have an ASA CX SSP installed.
On Context Security Card
Failure
Specify the action to be taken if the ASA CX becomes inoperable.
Select either:
• Open – If the ASA CX fails for any reason, the ASA will continue
to pass traffic that would otherwise be redirected to the ASA CX.
• Close – If the ASA CX fails, the ASA will drop any traffic that
would otherwise be redirected to the ASA CX.
Enable Auth Proxy Check this box to enable the authentication proxy, which is required if
you want to use active authentication in the identity policies on the
ASA CX. If not checked, no authentication is performed.
Note You can change the port used for authentication proxy; see ASA
CX Auth Proxy Configuration, page 56-16 for more
information.
Connection Settings tab
Enable Connection Settings
For This Traffic
Enables or disables connection settings for this traffic flow. When this
box is checked, the other parameters on this panel become active. From
the Connection Settings tab you can configure maximum connections,
embryonic connections, timeouts, and TCP parameters.
Table 56-3 Insert/Edit Service Policy (MPC) Rule Wizard—Step 3. Configure the actions.
Element Description