ASA 9 TrustSec

Experts,

With ASA 9, there is a new feature that allows it to integrate with TrustSec. That allows for policy-based enforcement.

I'm still a novice with TrustSec; however, can someone explain to me what benefit this feature brings to have enforcement at the ASA?
Where would policy enforcement happen if it wasn't done on the ASA, and what benefit does it offer to do it at the ASA?
trojan81 Asked:
btassure Commented:
Here is a good article explaining it:

http://www.networkworld.com/community/blog/cisco-trustsec-makes-your-network-identity-aw

It's not really in the context of the ASA, but as an example, you can use TrustSec to apply your group policies that are generated with TrustSec to determine packet flows at the ASA, rather than trying to restrict edge traffic from the switch ports.
0
trojan81 (Author) Commented:
Wouldn't you want to restrict traffic at the closest point to the user, which is the switch port?
0
trojan81 (Author) Commented:
What's a good use-case example for having TrustSec at the ASA?
0
btassure Commented:
I'll answer both questions at once :)

Yes, you could restrict it all at the switch but it means leaving holes in the security perimeter.

The idea around this stuff is that you would configure internal policies on the ISE (Identity Services Engine) that will span the whole network. Adding the ASA to the mix enables you to either plug the gap in the security if you have TrustSec everywhere else, or allows you to run TrustSec at your border even if you can't/don't implement it on your switches.

I'm not sure if that's enough info for a use case? What switches do you have and are you already using TrustSec?

Some more info here:

http://cdwsolutionsblog.com/cisco-asa-version-9-0asdm-version-7-0-finally-here-and-whats-new/#.UmVbglCko6U
0
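
What group-based enforcement at the ASA can look like in configuration, as an added example that is not part of the original thread. The server-group name, addresses, secrets and security-group names are constructed placeholders; the commands are ASA 9.x TrustSec syntax.

```text
! Constructed example: names, addresses and secrets are placeholders.
! ISE is the RADIUS server the ASA uses to download the security-group table.
aaa-server ISE-SERVERS protocol radius
aaa-server ISE-SERVERS (inside) host 192.0.2.10
 key <radius-shared-secret>
cts server-group ISE-SERVERS
!
! Learn IP-to-SGT bindings from an access switch over SXP.
! The ASA is the listener; the switch at 192.0.2.20 is the speaker.
cts sxp enable
cts sxp default password <sxp-password>
cts sxp default source-ip 192.0.2.1
cts sxp connection peer 192.0.2.20 password default mode local listener
!
! Rules are written against groups defined on ISE rather than subnets,
! so they keep matching when a user or server changes IP address.
access-list INSIDE_IN extended permit tcp security-group name Employees any security-group name Finance_Servers any eq https
access-list INSIDE_IN extended deny ip security-group name Contractors any security-group name Finance_Servers any
access-group INSIDE_IN in interface inside
```

The ASA also needs a PAC imported from ISE before it can download the group table; that step is left out here.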