1-8
Cisco ASA Series CLI Configuration Guide
 
Chapter 1      Introduction to the Cisco ASA
  New Features
Table 1-5 New Features for ASA Version 9.0(1)/ASDM Version 7.0(1)
Feature Description
Firewall Features
Cisco TrustSec integration Cisco TrustSec provides an access-control solution that builds upon an existing 
identity-aware infrastructure to ensure data confidentiality between network 
devices and integrate security access services on one platform. In the Cisco 
TrustSec solution, enforcement devices utilize a combination of user attributes 
and end-point attributes to make role-based and identity-based access control 
decisions. 
In this release, the ASA integrates with Cisco TrustSec to provide security 
group based policy enforcement. Access policies within the Cisco TrustSec 
domain are topology-independent, based on the roles of source and destination 
devices rather than on network IP addresses. 
The ASA can utilize the Cisco TrustSec solution for other types of security 
group based policies, such as application inspection; for example, you can 
configure a class map containing an access policy based on a security group. 
We introduced or modified the following commands: access-list extended, cts 
sxp enable, cts server-group, cts sxp default, cts sxp retry period, cts sxp 
reconcile period, cts sxp connection peer, cts import-pac, cts refresh 
environment-data, object-group security, security-group, show 
running-config cts, show running-config object-group, clear configure cts, 
clear configure object-group, show cts, show object-group, show 
conn 
security-group, clear cts, debug cts.
We introduced the following MIB: CISCO-TRUSTSEC-SXP-MIB.
We introduced or modified the following screens: 
Configuration > Firewall > Identity by TrustSec
Configuration > Firewall > Objects > Security Groups Object Groups
Configuration > Firewall > Access Rules > Add Access Rules
Monitoring > Properties > Identity by TrustSec > PAC
Monitoring > Properties > Identity by TrustSec > Environment Data
Monitoring > Properties > Identity by TrustSec > SXP Connections
Monitoring > Properties > Identity by TrustSec > IP Mappings
Monitoring > Properties > Connections
Tools > Packet Tracer