Cisco ASA 5585-X Adaptive Security Appliance Technical Manual
XML Examples for the Cisco Application Centric Infrastructure Security Device Package, Version 1.2(5)
Support for Cisco TrustSec
Configuring TrustSec SXP to Get an SGT From an AAA Server
ASA Configuration
cts sxp enable
cts sxp default password *****
cts sxp reconciliation period 60
cts sxp retry period 60
XML Example
test3_trustSecxml='''\
<polUni>
  <fvTenant name="tenant1">
    <vnsLDevVip name="Firewall">
      <vnsDevFolder key="TrustSec" name="TrustSec">
        <vnsDevFolder key="SXP" name="SXP">
          <vnsDevParam key="default_password" name="default_password" value="cisco123"/>
          <vnsDevParam key="retry_period" name="retry_period" value="60"/>
          <vnsDevParam key="enable" name="enable" value="true"/>
          <vnsDevParam key="reconciliation_period" name="reconciliation_period" value="60"/>
        </vnsDevFolder>
      </vnsDevFolder>
    </vnsLDevVip>
  </fvTenant>
</polUni>
'''
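The examples on this page map ASA `cts sxp` CLI to device-package XML by hand. As an added example, not part of the Cisco document or of the device package itself, the following Python script reads a TrustSec/SXP folder laid out in the same polUni/vnsDevFolder/vnsDevParam structure and renders the equivalent ASA CLI, so a generated XML body can be checked against the intended configuration before it is posted to the APIC. The XML input is constructed for this example and also includes an SXP peer folder (key="peer") of the kind used for listener/speaker connections; the function names `sxp_cli`, `params` and `cleartext_passwords` are this example's own.

```python
"""Render the ASA 'cts sxp' CLI described by a TrustSec/SXP device-package folder."""
import xml.etree.ElementTree as ET

# Constructed sample (not taken from the Cisco document): same folder/param layout
# as the page's examples, plus one SXP peer folder.
SAMPLE_XML = '''\
<polUni>
  <fvTenant name="tenant1">
    <vnsLDevVip name="Firewall">
      <vnsDevFolder key="TrustSec" name="TrustSec">
        <vnsDevFolder key="SXP" name="SXP">
          <vnsDevParam key="enable" name="enable" value="true"/>
          <vnsDevParam key="default_password" name="default_password" value="cisco123"/>
          <vnsDevParam key="retry_period" name="retry_period" value="60"/>
          <vnsDevParam key="reconciliation_period" name="reconciliation_period" value="60"/>
          <vnsDevFolder key="peer" name="peer">
            <vnsDevParam key="password" name="password" value="default"/>
            <vnsDevParam key="ip_address" name="ip_address" value="192.168.102.240"/>
            <vnsDevParam key="mode" name="mode" value="local"/>
            <vnsDevParam key="role" name="role" value="listener"/>
          </vnsDevFolder>
        </vnsDevFolder>
      </vnsDevFolder>
    </vnsLDevVip>
  </fvTenant>
</polUni>
'''


def params(folder):
    """Map key -> value over the vnsDevParam children directly under one folder."""
    return {p.get("key"): p.get("value") for p in folder.findall("vnsDevParam")}


def sxp_cli(xml_text, mask_password=True):
    """Return the ASA CLI lines equivalent to the SXP folder found in xml_text.

    With mask_password=True the default password is shown as ***** the way
    'show running-config' does; pass False to see the literal value.
    """
    root = ET.fromstring(xml_text)
    sxp = root.find(".//vnsDevFolder[@key='SXP']")
    if sxp is None:
        raise ValueError("no vnsDevFolder key='SXP' found")
    cfg = params(sxp)
    lines = []
    if cfg.get("enable") == "true":
        lines.append("cts sxp enable")
    if "default_password" in cfg:
        pw = "*****" if mask_password else cfg["default_password"]
        lines.append(f"cts sxp default password {pw}")
    if "reconciliation_period" in cfg:
        lines.append(f"cts sxp reconciliation period {cfg['reconciliation_period']}")
    if "retry_period" in cfg:
        lines.append(f"cts sxp retry period {cfg['retry_period']}")
    # Each peer folder becomes one 'cts sxp connection peer' line; all four
    # parameters are required for the command to be complete.
    for peer in sxp.findall("vnsDevFolder[@key='peer']"):
        p = params(peer)
        missing = [k for k in ("ip_address", "password", "mode", "role") if k not in p]
        if missing:
            raise ValueError(f"peer folder {peer.get('name')!r} is missing {missing}")
        lines.append(
            f"cts sxp connection peer {p['ip_address']} password {p['password']} "
            f"mode {p['mode']} {p['role']}"
        )
    return lines


def cleartext_passwords(xml_text):
    """List (folder name, param key) for every password parameter whose value is a
    literal secret rather than the 'default' keyword, so the file can be reviewed
    before it is stored or shared."""
    root = ET.fromstring(xml_text)
    found = []
    for folder in root.iter("vnsDevFolder"):
        for p in folder.findall("vnsDevParam"):
            if "password" in p.get("key", "") and p.get("value") != "default":
                found.append((folder.get("name"), p.get("key")))
    return found


if __name__ == "__main__":
    for line in sxp_cli(SAMPLE_XML):
        print(line)
    print("cleartext passwords:", cleartext_passwords(SAMPLE_XML))
```

Unlike the masked ASA output, the device-package XML carries the SXP default password in clear text (value="cisco123" above), so the rendered XML body should be handled like any other file containing a credential; `cleartext_passwords` flags such values for that review.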
Configuring an SXP Listener and Speaker
ASA Configuration
cts sxp connection peer 2001:3030:30::112 password default mode local listener
cts sxp connection peer 192.168.102.240 password default mode local listener
XML Example
test4_trustSecxml='''\
<polUni>
  <fvTenant name="tenant1">
    <vnsLDevVip name="Firewall">
      <vnsDevFolder key="TrustSec" name="TrustSec">
        <vnsDevFolder key="SXP" name="SXP">
          <vnsDevFolder key="peer" name="peer">
            <vnsDevParam key="password" name="password" value="default"/>
            <vnsDevParam key="ip_address" name="ip_address" value="192.168.102.240"/>
            <vnsDevParam key="mode" name="mode" value="local"/>
            <vnsDevParam key="role" name="role" value="listener"/>
          </vnsDevFolder>
          <vnsDevFolder key="peer" name="peer2">
            <vnsDevParam key="password" name="password" value="default"/>