03-05-2018 08:43 AM - last edited on 03-25-2019 05:36 PM by ciscomoderator
I have a client that is looking to segment their network. They were initially thinking either ACL's on their switches or using a FW. However, after talking to them about ISE and TrustSec, they are interested in that solution. The client is an international company, so they have a branch/campus network layout. In researching how TrustSec works in this scenario, I found the following guide:
It mentions having the WAN connectivity being encrypted, but I also heard there is an encapsulation method that you can use instead. However, I cannot find anything on the encapsulation method, how it works and what devices are required. Issue we have at this client is even though their WAN links are connected with Cisco routers, they do not manage them. So getting this provider to implement a VPN across the WAN links for TrustSec may not happen.
If someone can provide me that information, it would be appreciated.
Dan
Solved! Go to Solution.
03-05-2018 11:39 AM
I would highly recommend you watching Cisco Live presentations on TrustSec if you are just starting with the technology.
I think what you are referring to is how you'll be able to propagate tags from branch to headquarters and vice versa.
Propagation of tags can be via data plane like you mentioned over VPN - dmvpn or getvpn etc.
If propagation via data plane is not possible then SXP allows you to achieve propagation in control plane by sending the mappings over a separate protocol.
03-05-2018 11:39 AM
I would highly recommend you watching Cisco Live presentations on TrustSec if you are just starting with the technology.
I think what you are referring to is how you'll be able to propagate tags from branch to headquarters and vice versa.
Propagation of tags can be via data plane like you mentioned over VPN - dmvpn or getvpn etc.
If propagation via data plane is not possible then SXP allows you to achieve propagation in control plane by sending the mappings over a separate protocol.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide