6-15
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 6 ASA and Cisco TrustSec
Guidelines for Cisco TrustSec
Step 6 Identify the AAA server group that is used by Cisco TrustSec for environment data retrieval.
cts server-group AAA-server-group-name
Example:
hostname(config)# cts server-group ISEserver
The AAA-server-group-name argument is the name of the AAA server group that you specified in Step
1 in the server-tag argument.
Note You may configure only one instance of the server group on the ASA for Cisco TrustSec.
Examples
The following example shows how to configure the ASA to communicate with the ISE server for Cisco
TrustSec integration:
hostname(config)# aaa-server ISEserver protocol radius
hostname(config-aaa-server-group)# exit
hostname(config)# aaa-server ISEserver (inside) host 192.0.2.1
hostname(config-aaa-server-host)# key myexclusivemumblekey
hostname(config-aaa-server-host)# exit
hostname(config)# cts server-group ISEserver
Step 7
Import a PAC File
This section describes how to import a PAC file.
Before You Begin
• The ASA must be configured as a recognized Cisco TrustSec network device in the ISE before the
ASA can generate a PAC file.
• Obtain the password used to encrypt the PAC file when generating it on the ISE. The ASA requires
this password to import and decrypt the PAC file.
• The ASA requires access to the PAC file generated by the ISE. The ASA can import the PAC file
from flash or from a remote server via TFTP, FTP, HTTP, HTTPS, or SMB. (The PAC file does not
need to reside on the ASA flash before you can import it.)
• The server group has been configured for the ASA.
To import a PAC file, perform the following steps:
Procedure
Step 1 Import a Cisco TrustSec PAC file.
cts import-pac filepath password value
Example:
hostname(config)# cts import-pac disk0:/xyz.pac password IDFW-pac99
To Next Page
Loading...
Need help?
General
