CHAPTER
6-1
Cisco ASA Series Firewall CLI Configuration Guide
6
ASA and Cisco TrustSec
This chapter describes how to implement Cisco TrustSec for the ASA.
• About Cisco TrustSec, page 6-1
• Guidelines for Cisco TrustSec, page 6-11
• Configure the AAA Server for Cisco TrustSec Integration, page 6-13
• Example for Cisco TrustSec, page 6-26
• AnyConnect VPN Support for Cisco TrustSec, page 6-26
• History for Cisco TrustSec, page 6-28
About Cisco TrustSec
Traditionally, security features such as firewalls performed access control based on predefined IP
addresses, subnets, and protocols. However, with enterprises transitioning to borderless networks, both
the technology used to connect people and organizations and the security requirements for protecting
data and networks have evolved significantly. Endpoints are becoming increasingly nomadic and users
often employ a variety of endpoints (for example, laptop versus desktop, smart phone, or tablet), which
means that a combination of user attributes plus endpoint attributes provide the key characteristics (in
addition to existing 6-tuple based rules), that enforcement devices such as switches and routers with
firewall features or dedicated firewalls can reliably use for making access control decisions.
As a result, the availability and propagation of endpoint attributes or client identity attributes have
become increasingly important requirements to enable security across the customers’ networks, at the
access, distribution, and core layers of the network, and in the data center.
Cisco TrustSec provides access control that builds upon an existing identity-aware infrastructure to
ensure data confidentiality between network devices and integrate security access services on one
platform. In the Cisco TrustSec feature, enforcement devices use a combination of user attributes and
endpoint attributes to make role-based and identity-based access control decisions. The availability and
propagation of this information enables security across networks at the access, distribution, and core
layers of the network.
Implementing Cisco TrustSec into your environment has the following advantages:
• Provides a growing mobile and complex workforce with appropriate and more secure access from
any device
• Lowers security risks by providing comprehensive visibility of who and what is connecting to the
wired or wireless network
To Next Page
Loading...
Need help?
General