EasyManuals Logo
Home>Cisco>Firewall>ASA 5512-X

Cisco ASA 5512-X Configuration Guide

Cisco ASA 5512-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #93 background imageLoading...
Page #93 background image
6-11
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 6 ASA and Cisco TrustSec
Guidelines for Cisco TrustSec
2. Choose Policy > Policy Elements > Results > Security Group Access > Security Group.
3. Add a security group for the ASA. (Security groups are global and not ASA specific.)
The ISE creates an entry under Security Groups with a tag.
4. In the Security Group Access area, configure device ID credentials and a password for the ASA.
Generate the PAC File
To generate the PAC file, perform the following steps:
1. Log into the ISE.
2. Choose Administration > Network Resources > Network Devices.
3. From the list of devices, choose the ASA.
4. Under the Security Group Access (SGA), click Generate PAC.
5. To encrypt the PAC file, enter a password.
The password (or encryption key) that you enter to encrypt the PAC file is independent of the
password that was configured on the ISE as part of the device credentials.
The ISE generates the PAC file. The ASA can import the PAC file from flash or from a remote server via
TFTP, FTP, HTTP, HTTPS, or SMB. (The PAC file does not have to reside on the ASA flash before you
can import it.)
Note The PAC file includes a shared key that allows the ASA and ISE to secure the RADIUS transactions that
occur between them. For this reason, make sure that you store it securely on the ASA.
Guidelines for Cisco TrustSec
This section includes the guidelines and limitations that you should review before configuring Cisco
TrustSec.
Failover
• Supports a list of servers via configuration. If the first server is unreachable, the ASA tries to contact
the second server in the list, and so on. However, the server list downloaded as part of the Cisco
TrustSec environment data is ignored.
• When the ASA is part of a failover configuration, you must import the PAC file to the primary ASA
device.
• When the ASA is part of a failover configuration, you must refresh the environment data on the
primary ASA device.
Clustering
• When the ASA is part of a clustering configuration, you must import the PAC file to the master unit.
• When the ASA is part of a clustering configuration, you must refresh the environment data on the
master unit.

Table of Contents

Other manuals for Cisco ASA 5512-X

Preview: Quick Start Guide
Quick Start Guide14 pages
Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide74 pages
Preview: Software Guide
Software Guide37 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5512-X and is the answer not in the manual?

Cisco ASA 5512-X Specifications

General IconGeneral
BrandCisco
ModelASA 5512-X
CategoryFirewall
LanguageEnglish

Related product manuals