You are here
SEC0219 - ISE 2.0 TrustSec - FlexVPN and ZBFW (Part 1)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video attempts to implement SGT propagation across a WAN over FlexVPN. We will demonstrate capability of Cisco router in participating Cisco TrustSec including joining SGT trust domain, Network Device Authorization, SGT propagation, and enforcement. We will configure ZBFW to utilize source SGT in conjunction with ACL to restrict network access.
Part 1 of this video covers adding router to TrustSec domain and enable SGT over FlexVPN
Topic:
- SGT Manual Trust
- SGT Over FlexVPN
- Network Device Authorization (Router)
- Zone-Based Firewall (ZBFW)
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
4 comments
FlexVPN
Hello. https://www.cisco.com/en/US/docs/ios-xml/ios/sec_usr_cts/configuration/1... , in this link it is written that SGT tagging over VPN is not supported with FlexVPN. But in you videos you are using FlexVPN. May you explain?
FlexVPN
The article was from 2011. May be it wasn't supported back then. Below is another Cisco doc that tell you how to do it so clearly it is supported.
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/116499-confi...
Re:FlexVPN
Thank you for clarification. One more question: I really admire your job and your videos really helped me in practice and exam preparation. I wonder whether you have plans like creating video series for WSA,ESA,CWS for preparing SITCS exam.
FlexVPN
We do not at this time.