14-10
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 14 Managing TrustSec Firewall Policies
Configuring TrustSec Firewall Policies
Note: ASA Software 9.0(1)+ is required for TrustSec firewall.
Related Topics
• Prerequisites for Integrating an ASA with Cisco TrustSec, page 14-6
• About Speaker and Listener Roles, page 14-6
• Configuring Security Exchange Protocol (SXP) Settings, page 14-8
Step 1 Do one of the following:
• (Device view) Select an ASA device, then select TrustSec > SXP Connection Peers from the Policy selector.
• (Policy view) Select TrustSec > SXP Connection Peers from the Policy selector. Select an existing policy or create a new one.
Step 2 In Default Source, enter the default local IP address for SXP connections. You can enter an IP address
or the name of a network/host object, or click Select to select the object from a list or to create a new
one. The IP address can be an IPv4 or IPv6 address.
Note: The ASA determines the local IP address for an SXP connection as the outgoing interface IP
address that is reachable by the peer IP address. If the configured local address is different from
the outgoing interface IP address, the ASA cannot connect to the SXP peer and generates a
system log message.
Step 3 In Default Password and Confirm, enter the default password for TCP MD5 authentication with SXP
peers. By default, SXP connections do not have a password set.
You can specify the password as an encrypted string up to 162 characters or an ASCII key string up to
80 characters.
Step 4 Configure the SXP peers. You can do the following:
• To add an entry, click the Add Row (+) button and fill in the Add Connection Peer dialog box. See Add/Edit Connection Peer Dialog Box, page 14-10.
• To edit an entry, select it and click the Edit Row (pencil) button.
• To delete an entry, select it and click the Delete Row (trash can) button.
Step 5 Click Save to save your changes.
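The following pre-deployment check is an added example, not part of the Cisco documentation or of Security Manager. It tests a planned Default Source against the rule in the Step 2 note and a planned default password against the length limits in Step 3. The interface names, addresses, routes and peers are constructed sample data, and choosing the outgoing interface by longest-prefix match over a supplied route list is an assumption standing in for the ASA's actual route lookup.

```python
import ipaddress

# Length limits stated in Step 3 of the procedure above.
MAX_ENCRYPTED_LEN = 162
MAX_ASCII_LEN = 80

def egress_interface(routes, peer):
    """Return the interface of the longest-prefix route covering peer, or None."""
    peer_ip = ipaddress.ip_address(peer)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if net.version == peer_ip.version and peer_ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, ifname)
    return best[1] if best else None

def check_sxp(default_source, password, encrypted, interfaces, routes, peers):
    """Return a list of findings; an empty list means no problem was found."""
    findings = []
    limit = MAX_ENCRYPTED_LEN if encrypted else MAX_ASCII_LEN
    if password is not None and len(password) > limit:
        findings.append(f"password: {len(password)} chars exceeds limit of {limit}")
    src = ipaddress.ip_address(default_source)
    for peer in peers:
        ifname = egress_interface(routes, peer)
        if ifname is None:
            findings.append(f"{peer}: no route to peer")
            continue
        # The configured source must be an address of the outgoing interface.
        addrs = [ipaddress.ip_address(a) for a in interfaces[ifname]]
        if src not in addrs:
            findings.append(
                f"{peer}: source {src} is not an address of egress interface {ifname}")
    return findings

# Constructed sample data (documentation address ranges, hypothetical names).
INTERFACES = {"inside": ["192.0.2.1", "2001:db8:1::1"], "dmz": ["198.51.100.1"]}
ROUTES = [("192.0.2.0/24", "inside"), ("198.51.100.0/24", "dmz"),
          ("203.0.113.0/24", "inside"), ("2001:db8:1::/64", "inside")]
PEERS = ["192.0.2.10", "198.51.100.20", "203.0.113.5"]

if __name__ == "__main__":
    for finding in check_sxp("192.0.2.1", "example-key", False,
                             INTERFACES, ROUTES, PEERS):
        print(finding)
```

A peer flagged by the source check is one for which the single default source would not match the outgoing interface address.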
Add/Edit Connection Peer Dialog Box
Use the Add/Edit Connection Peer dialog box to define the settings for an SXP Connection.
Navigation Path
(Device view) Select an ASA device, then select TrustSec > SXP Connection Peers from the Policy selector.
• To add an entry, click the Add Row (+) button.
• To edit an entry, select it and click the Edit Row (pencil) button.