Cisco ASA 5520 Adaptive Security Appliance Release Notes
Release Notes for the Cisco ASA Device Package Software, Version 1.2(5.21) for ACI
New Features in 1.2(5.5)
• Configuring SGT-to-IP address role-based mapping manually
• Security groups in an access control entry to leverage SGT-to-IP mapping
• Security object group
In the example below, only IP addresses that belong to the Security Group “Engineering” are allowed to
access EPG App; all other Security Groups are denied.
Figure 1-1 Example Configuration
Restrictions
The PAC file from the ISE will need to be imported as part of pre-provisioning. Refreshing the
environment data from the ISE will need to be done out-of-band.
For details about Configuring the ASA to Integrate with Cisco TrustSec, see:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/aaa_trustsec.pdf
Note
Cisco Application Centric Infrastructure (ACI) does not have native support of the Security-group
eXchange Protocol (SXP). Therefore, in order to use TrustSec in ASA for ACI, you must have an
SXP-capable switch.
Cisco ACI is a distributed, scalable, multi-tenant infrastructure with external end-point connectivity
controlled and grouped through application-centric policies. SXP is the protocol used to propagate the
IP-to-SGT mapping database across network devices that do not have SGT-capable hardware support.
The Cisco Application Policy Infrastructure Controller (APIC) is a unified point of automation,
management, monitoring, and programmability for the Cisco ACI.
Tip
To use TrustSec in ASA for ACI, changes to your network topology might be required. For details about
the required topology and configuration examples, see the Cisco listing page shown below. This
information will be available by March 14, 2016.