Cisco ASA 5515-X Adaptive Security Appliance Technical Manual
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(5)
Support for Cisco TrustSec
Configuring an ISE AAA-Server for TrustSec
ASA Configuration
aaa-server __$ISEServer$__ protocol radius
aaa-server __$ISEServer$__ (management) host 192.168.102.241
 key *****
cts server-group __$ISEServer$__
XML Example
test1_trustSecxml='''\
<polUni>
  <fvTenant name="tenant1">
    <vnsLDevVip name="Firewall">
      <vnsDevFolder key="TrustSec" name="TrustSec">
        <vnsDevFolder key="ISEServerGroup" name="ise">
          <vnsDevFolder key="AAAServer" name="ise">
            <vnsDevParam key="host" name="host" value="192.168.102.241"/>
            <vnsDevParam key="key" name="key" value="cisco123"/>
          </vnsDevFolder>
        </vnsDevFolder>
      </vnsDevFolder>
    </vnsLDevVip>
  </fvTenant>
</polUni>
'''
Manually Assigning a Security Group Tag (SGT) to an IP Host Mapping
ASA Configuration
cts role-based sgt-map 30.30.30.100 sgt 100
cts role-based sgt-map 2001:3030:30::112 sgt 65519
XML Example
test2_trustSecxml='''\
<polUni>
  <fvTenant name="tenant1">
    <vnsLDevVip name="Firewall">
      <vnsDevFolder key="TrustSec" name="TrustSec">
        <vnsDevFolder key="TrustSecSGTMap" name="SGTMap">
          <vnsDevParam key="ip_address" name="ip_address" value="30.30.30.100"/>
          <vnsDevParam key="security_group_tag" name="tag" value="100"/>
        </vnsDevFolder>
        <vnsDevFolder key="TrustSecSGTMap" name="SGTMap2">
          <vnsDevParam key="ip_address" name="ip_address" value="2001:3030:30::112"/>
          <vnsDevParam key="security_group_tag" name="tag" value="65519"/>
        </vnsDevFolder>
      </vnsDevFolder>
    </vnsLDevVip>
  </fvTenant>
</polUni>
'''
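The correspondence between the TrustSecSGTMap folders and the ASA "cts role-based sgt-map" lines above, as an added example (not part of the Cisco document or the device package): a Python function that validates each folder's address and tag before rendering the CLI line it stands for. The function name render_sgt_maps, the extra "Bad" entry in the sample, and the 2-65519 tag range are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the two SGT maps from this page plus one invalid entry.
SAMPLE_XML = """\
<polUni><fvTenant name="tenant1"><vnsLDevVip name="Firewall">
<vnsDevFolder key="TrustSec" name="TrustSec">
  <vnsDevFolder key="TrustSecSGTMap" name="SGTMap">
    <vnsDevParam key="ip_address" name="ip_address" value="30.30.30.100"/>
    <vnsDevParam key="security_group_tag" name="tag" value="100"/>
  </vnsDevFolder>
  <vnsDevFolder key="TrustSecSGTMap" name="SGTMap2">
    <vnsDevParam key="ip_address" name="ip_address" value="2001:3030:30::112"/>
    <vnsDevParam key="security_group_tag" name="tag" value="65519"/>
  </vnsDevFolder>
  <vnsDevFolder key="TrustSecSGTMap" name="Bad">
    <vnsDevParam key="ip_address" name="ip_address" value="30.30.30.300"/>
    <vnsDevParam key="security_group_tag" name="tag" value="70000"/>
  </vnsDevFolder>
</vnsDevFolder>
</vnsLDevVip></fvTenant></polUni>
"""

SGT_MIN, SGT_MAX = 2, 65519  # assumed valid tag range for ASA sgt-map entries


def render_sgt_maps(xml_text):
    """Return (cli_lines, errors) for every TrustSecSGTMap folder in xml_text."""
    cli, errors = [], []
    for folder in ET.fromstring(xml_text).iter("vnsDevFolder"):
        if folder.get("key") != "TrustSecSGTMap":
            continue
        params = {p.get("key"): p.get("value") for p in folder.findall("vnsDevParam")}
        name = folder.get("name")
        try:
            ip = ipaddress.ip_address(params.get("ip_address", ""))  # IPv4 or IPv6
            tag = int(params.get("security_group_tag", ""))
            if not SGT_MIN <= tag <= SGT_MAX:
                raise ValueError(f"SGT {tag} outside {SGT_MIN}-{SGT_MAX}")
        except ValueError as exc:
            errors.append(f"{name}: {exc}")  # reject the entry, keep going
            continue
        cli.append(f"cts role-based sgt-map {ip} sgt {tag}")
    return cli, errors


if __name__ == "__main__":
    lines, problems = render_sgt_maps(SAMPLE_XML)
    print("\n".join(lines + problems))
```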