04-19-2023 01:56 AM
We need Trustsec SXP to ASA via Internet facing Interface for using Security Group Tags in access control lists.
VPN is encrypting traffic to outside interface, the whole SXP connection is encrypted.
Has somebody success in this scenario ? We can see on ASA SYN timeouts, like process is not running on outside interfaces. inside interfaces are ignored by CTS SXP when peer is on other interfaces.
04-19-2023 02:00 AM
04-19-2023 02:12 AM
There is no ISE, this is DC environment with Nexus 9000. There is also no ASAv. This is Firepower 2100.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide