6-28
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 6 ASA and Cisco TrustSec
History for Cisco TrustSec
• show cts pac
History for Cisco TrustSec
Table 6-6 History for Cisco TrustSec
Feature Name
Platform
Releases Description
Cisco TrustSec 9.0(1) Cisco TrustSec provides access control that builds on an existing identity-aware
infrastructure to ensure data confidentiality between network devices and
integrate security access services on one platform. In the Cisco TrustSec
feature, enforcement devices use a combination of user attributes and endpoint
attributes to make role-based and identity-based access control decisions.
In this release, the ASA integrates with Cisco TrustSec to provide security
group-based policy enforcement. Access policies within the Cisco TrustSec
domain are topology-independent, based on the roles of source and destination
devices rather than on network IP addresses.
The ASA can use Cisco TrustSec for other types of security group-based
policies, such as application inspection; for example, you can configure a class
map that includes an access policy based on a security group.
We introduced or modified the following commands: access-list extended, cts
sxp enable, cts server-group, cts sxp default, cts sxp retry period, cts sxp
reconciliation period, cts sxp connection peer, cts import-pac, cts refresh
environment-data, object-group security, security-group, show
running-config cts, show running-config object-group, clear configure cts,
clear configure object-group, show cts pac, show cts
environment-data,
show cts environment-data sg-table, show cts sxp connections, show
object-group, show configure security-group, clear cts environment-data,
debug cts, and packet-tracer.
Layer 2 Security Group Tag
Imposition
9.3(1) You can now use security group tagging combined with Ethernet tagging to
enforce policies. SGT plus Ethernet Tagging, also called Layer 2 SGT
Imposition, enables the ASA to send and receive security group tags on Ethernet
interfaces using Cisco proprietary Ethernet framing (EtherType 0x8909), which
allows the insertion of source security group tags into plain-text Ethernet
frames.
We introduced or modified the following commands: cts manual, policy static
sgt, propagate sgt, cts role-based sgt-map, show cts sgt-map, packet-tracer,
capture, show capture, show asp drop, show asp table classify, show
running-config all, clear configure all, and write memory.
To Next Page
Loading...
Need help?
General