Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 14 Managing TrustSec Firewall Policies
Configuring TrustSec Firewall Policies
Configuring Cisco TrustSec Services
This procedure explains how to enable and configure Cisco TrustSec in Cisco Security Manager and on
the required security devices.
Before You Begin
Before configuring an ASA to integrate with Cisco TrustSec, you must meet the prerequisites explained
in Prerequisites for Integrating an ASA with Cisco TrustSec, page 14-6.
To configure Cisco TrustSec, perform the following tasks:
Step 1 Configure communication between Cisco Security Manager and the Cisco Identity Services Engine
(ISE). See ISE Settings Page, page 11-39.
Step 2 Enable and set the default values for the Security Exchange Protocol (SXP). See Configuring Security
Exchange Protocol (SXP) Settings, page 14-8.
Step 3 Add SXP connection peers for the Cisco TrustSec architecture. See Defining SXP Connection Peers,
page 14-9.
Step 4 Configure the Security Policy. See Configuring TrustSec-Based Firewall Rules, page 14-13.
Step 5 Monitor the TrustSec firewall system. See Monitoring TrustSec Firewall Policies, page 14-14.
Configuring Security Exchange Protocol (SXP) Settings
Configuring the Security Exchange Protocol (SXP) involves enabling the protocol on the ASA and
setting the following default values for SXP:
• The retry interval for SXP connections
• The Cisco TrustSec SXP reconcile period
• The RADIUS server group defined on the ISE
Navigation Path
• (Device view) Select an ASA device, then select TrustSec > SXP Settings from the Policy selector.
• (Policy view) Select TrustSec > SXP Settings from the Policy selector. Select an existing policy or create a new one.
Related Topics
• Prerequisites for Integrating an ASA with Cisco TrustSec, page 14-6
• Defining SXP Connection Peers, page 14-9
Field Reference
Table 14-1 SXP Settings Page
Element | Description
Enable SGT Exchange Protocol (SXP) | Whether to enable the Security Exchange Protocol on the device. The default is disabled.