Name: Cisco ASA 5506-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

6-23

Cisco ASA Series Firewall CLI Configuration Guide

Chapter 6 ASA and Cisco TrustSec

Guidelines for Cisco TrustSec

Note If there is no matched IP-SGT mapping from the IP-SGT Manager, then a reserved SGT value of “0x0”

for “Unknown” is used.

The following table describes the expected behavior for egress traffic when configuring this feature.

The following table describes the expected behavior for to-the-box and from-the-box traffic when

configuring this feature.

Note If there is no matched IP-SGT mapping from the IP-SGT Manager, then a reserved SGT value of “0x0”

for “Unknown” is used.

The cts manual command and the

policy static sgt sgt_number command

are both issued.

SGT value is from the policy static sgt

sgt_number command.

SGT value is from the policy static sgt

sgt_number command.

The cts manual command and the

policy static sgt sgt_number trusted

command are both issued.

SGT value is from the inline SGT in the

packet.

SGT value is from the policy static sgt

sgt_number command.

Table 6-3 Ingress Traffic

Interface Configuration Tagged Packet Received Untagged Packet Received

Table 6-4 Egress Traffic

Interface Configuration Tagged or Untagged Packet Sent

No command is issued. Untagged

The cts manual command is issued. Tagged

The cts manual command and the propagate sgt command are both issued. Tagged

The cts manual command and the no propagate sgt command are both issued. Untagged

Table 6-5 To-the-box and From-the-box Traffic

Interface Configuration Tagged or Untagged Packet Received

No command is issued on the ingress interface for to-the-box

traffic.

Packet is dropped.

The cts manual command is issued on the ingress interface

for to-the-box traffic.

Packet is accepted, but there is no policy enforcement or SGT

propagation.

The cts manual command is not issued or the cts manual

command and no propagate sgt command are both issued on

the egress interface for from-the-box traffic.

Untagged packet is sent, but there is no policy enforcement.

The SGT number is from the IP-SGT Manager.

The cts manual command is issued or the cts manual

command and the propagate sgt command are both issued on

the egress interface for from-the-box traffic.

Tagged packet is sent. The SGT number is from the IP-SGT

Manager.

Other manuals for Cisco ASA 5506-X

Quick Start Guide14 pages

Easy Setup Guide11 pages

Installation Guide46 pages

Software Guide37 pages

Hardware Installation Guide52 pages

Mount And Connect12 pages

Mount The Chassis10 pages

Questions and Answers:

Need help?

Do you have a question about the Cisco ASA 5506-X and is the answer not in the manual?

Cisco ASA 5506-X Specifications

General

Model	ASA 5506-X
Firewall Throughput	750 Mbps
Maximum Firewall Connections	50, 000
Maximum VPN Peers	50
Integrated Ports	8 x 1 GE
Stateful Inspection Throughput	750 Mbps
Weight	4.4 lb (2 kg)
Firewall Throughput (Multiprotocol)	750 Mbps
Firewall Throughput (Application Visibility and Control AVC)	250 Mbps
Concurrent Sessions	50, 000
New Connections per Second	10, 000
IPsec VPN Throughput	100 Mbps
Interfaces	8 x 1 GE
Memory	4 GB
Flash Memory	8 GB
Form Factor	Desktop
VPN Throughput	100 Mbps
Maximum Concurrent Sessions	50, 000
New Sessions per Second	10, 000
Operating Temperature	32 to 104°F (0 to 40°C)
Storage Temperature	-13 to 158°F (-25 to 70°C)
Power Supply	External
Humidity	10% to 90% non-condensing