1-20
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the ASA CX Module
Troubleshooting the ASA CX Module
TCP outside 208.80.152.2:80 inside 192.168.1.20:59928, idle 0:00:10, bytes 79174, flags
XUIO
Capturing Module Traffic
To configure and view packet captures for the ASA CX module, enter one of the following commands:
Note Captured packets contain an additional AFBP header that your PCAP viewer might not understand; be
sure to use the appropriate plugin to view these packets.
Troubleshooting the ASA CX Module
• Debugging the Module, page 1-20
• Problems with the Authentication Proxy, page 1-21
Debugging the Module
To enable ASA CX debugging, enter the following command:
When you enable the authentication proxy, the ASA generates a debug messge when it sends an
authentication proxy TLV to the ASA CX module, giving details of IP and port:
DP CXSC Event: Sent Auth proxy tlv for adding Auth Proxy on interface: inside4.
DP CXSC Event: Sent Auth proxy tlv for adding Auth Proxy on interface: cx_inside.
DP CXSC Event: Sent Auth proxy tlv for adding Auth Proxy on interface: cx_outside.
When the interface IP address is changed, auth-proxy tlv updates are sent to CXSC:
DP CXSC Event: Sent Auth proxy tlv for removing Auth Proxy for interface inside.
DP CXSC Event: Sent Auth proxy tlv for adding Auth Proxy on interface: inside.
When a flow is freed on the ASA, the ASA CX module is notified so it can clean up the flow:
DP CXSC Msg: Notifying CXSC that flow (handle:275233990) is being freed for
192.168.18.5:2213 -> 10.166.255.18:80.
Command Purpose
capture name interface asa_dataplane
Captures packets between ASA CX module and the ASA on the
backplane.
copy capture
Copies the capture file to a server.
show capture
Shows the capture at the ASA console.
Command Purpose
debug cxsc [error | event | message]
Enables debugs at error, event, or message level.
To Next Page
Loading...
Need help?
General
