I know the ASA can use VM attributes in their policy (basically it sucks in the attribute to IP mappings from vCenter). I don't see why the ASA couldn't have a ACL that uses both VM attributes and Trustsec tags.
I was wondering if we've ever thought about giving ISE the capability to make trustsec/IP mappings using VMWare attributes? And then SXP-speak them out to the infrastructure. Seems pretty slick to me.
Solved! Go to Solution.