06-11-2023 11:09 AM - edited 06-11-2023 11:14 AM
Hi all;
Suppose I want to enforce Internet access on ASA based on TrustSec SGTs. In this scenario, which SGT IP mapping I have to create so creating ASA access control list based on that to manage Internet access?
Thanks
Solved! Go to Solution.
06-20-2023 02:29 PM
Classify most things on the network then you can use Unknown/0 for things unknown I.e. internet.
You could explicitly map all internet prefixes to an SGT (subnets to SGT), arduous but do-able.
The best option is to statically map 0.0.0.0/0 to an SGT on your default GWs to the internet. This provides a default route SGT I.e. internet: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-12/configuration_guide/cts/b_1612_cts_9200_cg/configuring_sgt_mapping.html#id_121354
View solution in original post
06-11-2023 11:17 AM
You run lab and share result here am I right'
I see in you lab there is v FW in your lab.
06-11-2023 08:02 PM
Yes, you are right.
06-20-2023 08:27 PM
Thanks, very helpful...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
