cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
382
Views
1
Helpful
2
Replies

CTS SXP to outside Interface of ASA

kerstin-534
Level 1
Level 1

We need Trustsec SXP to ASA via Internet facing Interface for using Security Group Tags in access control lists.

VPN is encrypting traffic to outside interface, the whole SXP connection is encrypted.

Has somebody success in this scenario ? We can see on ASA SYN timeouts, like process is not running on outside interfaces. inside interfaces are ignored by CTS SXP when peer is on other interfaces.

 

 

2 Replies 2

There is no ISE, this is DC environment with Nexus 9000. There is also no ASAv. This is Firepower 2100.

Review Cisco Networking for a $25 gift card