References

TrustSec Device Configuration

Device configuration for ASA-5505

1. Configuring RADIUS on ASA.

Configuring RADIUS on ASA

conf t

aaa-server ise1 protocol radius

aaa-server ise1 host 192.168.1.23 {shared secret}  

2. Create Server-Group.

Create Server-Group

conf t

aaa-server ciscoasa protocol radius

aaa-server ciscoasa(inside) host 192.168.1.23

key Richard08

exit

cts server-group ciscoasa  

3. Import OOB PAC file from Network Configuration.

Import OOB PAC file from Network Configuration

conf t

cts import-pac [ftp://jeppich:Richard08192.168.1.13/ciscoasa.pac](ftp://jeppich:Richard08192.168.1.13/ciscoasa.pac) password Richard08 {shared secret}  

4. Configuring the ASA as SPX Listener.

Configuring the ASA as SPX Listener

conf t

cts sxp enable

cts sxp default password Richard08 {password should match other SXP devices}

cts sxp default source-ip 192.168.1.1 {ASA internal IP address}

cts sxp connection peer 192.168.1.2 {switch IP address} password default mode local listener

cts sxp default sxp connection peer 192.168.1.37 {bayshore} password default mode local listener  

5. To check if the ASA is receiving SGT mappings, refer to the right hand panel.

Check if the ASA is receiving SGT mappings

conf t

sh cts sxp sgt-map ipv4 detail