You are here
SEC0062 - ISE 1.1 Security Group Access (SGA) with ASA 9.1 TrustSec (Part 1)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video demonstrates Cisco TrustSec support on Cisco ASA 9.1 with Cisco ISE. This lab is based on a 3750 switch that is not TrustSec hardware-capable but able to communicate IP-to-SGT mapping via SGT Exchange Protocol (SXP) to the ASA. We will be constructing an ACL based on SGT using the new Security object group. Cisco ISE will be mainly used to provide user authentication, SGT assignment, and the SGT-to-Name mapping to the ASA, although we will go over the remaining web interfaces for Security Group Access (SGA) and what you would need to configure to support the complete TrustSec implementation.
In part 1, we will configure Cisco ISE policies to perform basic user authentication and assign SGT to user.
Topic:
- Security Group Access (SGA)
- Security Group ACL (SGACL)
- Security Group Tag (SGT)
- SGT Exchange Protocol (SXP)
- SGT-to-Name Mapping
- Cisco TrustSec support on ASA 9.1
- SXP Config on a Switch and ASA
- Security object Group
Notes:
- SXP uses TCP 64999 so can work multiple hop
Reference: