https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3396901#M548458 <P>Dears,</P> <P>I am really new to trust sec and&nbsp;we have a&nbsp;ISE in a corporate, how I can take benefit of trust sec if I am having ASA-SM as a core datacenter firewall and ASA-5525X on a perimeter firewall and 2960XR switches on the access layer with IP base licenses</P> <P>&nbsp;</P> <P>I am using following features of ISE which fits to my corporate also trust sec will fit but I don't know how I can design and implement trust sec feature. I can say it is a replacement of CDA ( context directory Agent) or it does much more than CDA ???</P> <OL> <LI>Any connect client for Dot1x</LI> <LI>Posture</LI> <LI>Profiling</LI> <LI>VPN users authentication</LI> <LI>Tacacs administration</LI> <LI>Pxgrid with firepower</LI> </OL> <P>Thanks</P> Fri, 21 Feb 2020 18:57:58 GMT adamgibs7 2020-02-21T18:57:58Z https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3396901#M548458 <P>Dears,</P> <P>I am really new to trust sec and&nbsp;we have a&nbsp;ISE in a corporate, how I can take benefit of trust sec if I am having ASA-SM as a core datacenter firewall and ASA-5525X on a perimeter firewall and 2960XR switches on the access layer with IP base licenses</P> <P>&nbsp;</P> <P>I am using following features of ISE which fits to my corporate also trust sec will fit but I don't know how I can design and implement trust sec feature. I can say it is a replacement of CDA ( context directory Agent) or it does much more than CDA ???</P> <OL> <LI>Any connect client for Dot1x</LI> <LI>Posture</LI> <LI>Profiling</LI> <LI>VPN users authentication</LI> <LI>Tacacs administration</LI> <LI>Pxgrid with firepower</LI> </OL> <P>Thanks</P> Fri, 21 Feb 2020 18:57:58 GMT https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3396901#M548458 adamgibs7 2020-02-21T18:57:58Z https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3396906#M548459 <P>Using ISE you can assign a Trustsec TAG (SGT) to each user/computer, this is defined in the authorization policy, and can be assigned depending on AD group membership and/or whether the user passes or fails posture etc. These SGTs can be used in the firewall ruleset to permit/deny access. If you integrate ISE with Firepower using pxgrid you can initiate user quarantine if their computer has malware etc.</P> <P>&nbsp;</P> <P><A href="https://communities.cisco.com/community/technology/security/pa/trustsec" target="_self">This link</A> is the best place to start for TrustSec information</P> Sat, 09 Jun 2018 21:45:33 GMT https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3396906#M548459 Rob Ingram 2018-06-09T21:45:33Z https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3397152#M548462 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/97036">@Rob Ingram</a>&nbsp;I don't believe the ASA-SM is on the Trustsec Compatibility Matrix.</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/software-platform-capability-matrix.pdf" target="_blank">https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/software-platform-capability-matrix.pdf</A></P> Mon, 11 Jun 2018 04:39:15 GMT https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3397152#M548462 Marvin Rhoads 2018-06-11T04:39:15Z https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3400701#M548463 <P>Dears</P> <P>Thanks for the reply,</P> <P>+5 to you both, I will reply further on this post as I have many question on the trust sec.</P> <P>&nbsp;</P> <P>Regards</P> Sat, 16 Jun 2018 22:42:23 GMT https://community.cisco.com/t5/network-access-control/ise-trust-sec/m-p/3400701#M548463 adamgibs7 2018-06-16T22:42:23Z