Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
0
Helpful
1
Replies

ASA CX TrustSec support

i.va
Level 3
Level 3

‎08-27-2013 06:58 AM - edited ‎03-11-2019 07:31 PM

Hi,

Unfortunately the ASA CX Module (unlike the ASA itself) currently does not seem to support TrustSec (SXP, SGT).

"Q.

Does ASA CX work with the Cisco Identity Services Engine for identity enforcement?

#

A. Not with the current release. Currently, ASA CX uses the Cisco AD agent, which is a component of the Identity Services Engine, for identification. The AD agent tracks all users who are logged into the network and maps the source IP addresses. In a future release, ASA CX will also support access control based on TrustSec tags."

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/qa_c67-700607.html

Does anybody from Cisco have an indication on when this feature will be supported, and if it will be supported on Software CX Module Devices (e.g. ASA5512-X).

I find it disappointing that this feature is lacking in the area where it seems most needed. Is there currently no way the CX Module itself can differentiate between flows with different SGTs?

I would appreciate a speedy reply.

Thanks in advance!

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎08-27-2013 09:38 PM

Roadmap information such as this is only shared under non-disclosure and is not available in a public forum.

I would imagine it's not in the early CX release because these are positioned as primarily Internet edge devices and very few customers are using SGT at all as of yet - and very very few are using it at the edge.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card