EasyManuals Logo
Home>Cisco>Network Hardware>ASA Series

Cisco ASA Series User Manual

Cisco ASA Series
2164 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #925 background imageLoading...
Page #925 background image
1-21
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the ASA to Integrate with Cisco TrustSec
Configuration Example
! If user Tom or object_group security objgrp-hr-admin needs to be matched, multiple ACEs can be defined as
follows:
access-list idfw-acl2 permit ip user CSCO\Tom 10.1.1.0 255.255.255.0 object-group-security
objgrp-hr-servers any
access-list idfw-acl2 permit ip object-group-security objgrp-hr-admin 10.1.1.0 255.255.255.0
object-group-security objgrp-hr-servers any
Collecting User Statistics
To activate the collection of user statistics by the Modular Policy Framework and match lookup actions
for the Identify Firewall, enter the following command:
Configuration Example
The following configuration example shows how to perform a complete configuration to integrate the
ASA with Cisco TrustSec:
// Import an encrypted CTS PAC file
cts import-pac asa.pac password Cisco
// Configure ISE for environment data download
aaa-server cts-server-list protocol radius
aaa-server cts-server-list host 10.1.1.100 cisco123
cts server-group cts-server-list
// Configure SXP peers
cts sxp enable
cts sxp connection peer 192.168.1.100 password default mode peer speaker
//Configure security-group based policies
object-group security objgrp-it-admin
security-group name it-admin-sg-name
security-group tag 1
object-group security objgrp-hr-admin
security-group name hr-admin-sg-name
group-object it-admin
object-group security objgrp-hr-servers
security-group name hr-servers-sg-name
access-list hr-acl permit ip object-group-security objgrp-hr-admin any
object-group-security objgrp-hr-servers
Command Purpose
user-statistics [accounting | scanning]
Example:
hostname(config)# class-map c-identity-example-1
hostname(config-cmap)# match access-list
identity-example-1
hostname(config-cmap)# exit
hostname(config)# policy-map p-identity-example-1
hostname(config-pmap)# class c-identity-example-1
hostname(config-pmap)# user-statistics accounting
hostname(config-pmap)# exit
hostname(config)# service-policy p-identity-example-1
interface outside
Activates the collection of user statistics by the Modular
Policy Framework and matches lookup actions for the
Identify Firewall.
The accounting keyword specifies that the ASA collect the
sent packet count, sent drop count, and received packet count.
The scanning keyword specifies that the ASA collect only the
sent drop count.
When you configure a policy map to collect user statistics, the
ASA collects detailed statistics for selected users. When you
specify the user-statistics command without the accounting
or scanning keywords, the ASA collects both accounting and
scanning statistics.

Table of Contents

Other manuals for Cisco ASA Series

Preview: Configuration Guide
Configuration Guide428 pages
Preview: Mount And Connect
Mount And Connect12 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA Series and is the answer not in the manual?

Cisco ASA Series Specifications

General IconGeneral
BrandCisco
ModelASA Series
CategoryNetwork Hardware
LanguageEnglish

Related product manuals