1-15
Cisco ASA Series CLI Configuration Guide
Chapter 1 Configuring the ASA to Integrate with Cisco TrustSec
Configuring the ASA for Cisco TrustSec Integration
To configure SXP, perform the following steps:
Command Purpose
Step 1
hostname(config)# cts sxp enable
If necessary, enables SXP on the ASA. By default,
SXP is disabled.
In multi-context mode, enabling SXP is done in the
user context.
Step 2
hostname(config)# cts sxp default source-ip
ipaddress
Example:
hostname(config)# cts sxp default source-ip
192.168.1.100
Configures the default source IP address for SXP
connections.
Where ipaddress is an IPv4 or IPv6 address.
When you configure a default source IP address for
SXP connections, you must specify the same address
as the ASA outbound interface. If the source IP
address does not match the address of the outbound
interface, SXP connections will fail.
When a source IP address for an SXP connection is
not configured, the ASA performs a route/ARP
lookup to determine the outbound interface for the
SXP connection. See Adding an SXP Connection
Peer, page 1-17 for information about configuring a
default source IP address for all SXP connections.
Step 3
hostname(config)# cts sxp default password [0 | 8]
password
Example:
hostname(config)# cts sxp default password 8
IDFW-TrustSec-99
Configures the default password for TCP MD5
authentication with SXP peers. By default, SXP
connections do not have a password set.
Configuring an encryption level for the password is
optional. If you configure an encryption level, you
can only set one level:
• Level 0—unencrypted cleartext
• Level 8—encrypted text
Where password specifies an encrypted string up to
162 characters or an ASCII key string up to 80
characters.
To Next Page
Loading...
Need help?
General
