Add An Sxp Connection Peer - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance

Chapter 6
ASA and Cisco TrustSec
hostname(config)# cts sxp retry period 60
hostname(config)# cts sxp reconcile period 60

Add an SXP Connection Peer

To add an SXP connection peer, perform the following steps:
Procedure

Step 1  Enable SXP on the ASA. By default, SXP is disabled.

        cts sxp enable

        Example:
        hostname(config)# cts sxp enable

Step 2  Set up an SXP connection to an SXP peer.

        cts sxp connection peer peer_ip_address [source source_ip_address] password {default | none} [mode {local | peer}] {speaker | listener}

        Example:
        hostname(config)# cts sxp connection peer 192.168.1.100 password default mode peer speaker

SXP connections are set per IP address; a single device pair can service multiple SXP connections.
The peer_ip_address argument is the IPv4 or IPv6 address of the SXP peer. The peer IP address must be
reachable from the ASA outgoing interface.
The source_ip_address argument is the local IPv4 or IPv6 address of the SXP connection. The source
IP address must be the same as the ASA outbound interface or the connection fails.
We recommend that you do not configure a source IP address for an SXP connection and allow the ASA
to perform a route/ARP lookup to determine the source IP address for the SXP connection.
Indicate whether or not to use the authentication key for the SXP connection:
    default—Use the default password configured for SXP connections.
    none—Do not use a password for the SXP connection.
Indicate the mode of the SXP connection:
    local—Use the local SXP device.
    peer—Use the peer SXP device.
Indicate whether the ASA functions as a Speaker or Listener for the SXP connection:
    speaker—The ASA can forward IP-SGT mapping to upstream devices.
    listener—The ASA can receive IP-SGT mapping from downstream devices.

Examples

The following example shows how to configure SXP peers on the ASA:
hostname(config)# cts sxp enable
hostname(config)# cts sxp connection peer 192.168.1.100 password default mode peer speaker
hostname(config)# cts sxp connection peer 192.168.1.101 password default mode peer
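
The following is an added example, not part of the Cisco guide: a Python check that parses cts sxp connection peer commands using the Step 2 syntax and reports peers with password none, an explicit source address, a missing speaker/listener keyword, or no cts sxp enable. The function name audit_sxp, the finding texts, and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import re
# Step 2 grammar; role left optional so a missing keyword gets its own finding.
PEER_RE = re.compile(
    r"^cts sxp connection peer (?P<peer>\S+)"
    r"(?: source (?P<source>\S+))?"
    r" password (?P<password>default|none)"
    r"(?: mode (?P<mode>local|peer))?"
    r"(?: (?P<role>speaker|listener))?$")

# Constructed sample input (documentation address ranges), not from the guide.
SAMPLE = """\
cts sxp enable
cts sxp connection peer 192.0.2.10 password default mode peer speaker
cts sxp connection peer 192.0.2.11 password none mode local listener
cts sxp connection peer 2001:db8::5 source 2001:db8::1 password default listener
cts sxp connection peer 192.0.2.12 password default mode peer
"""

def audit_sxp(config_text):
    """Return (line_number, message) findings; line 0 means config-wide."""
    findings, enabled, peers = [], False, 0
    for n, raw in enumerate(config_text.splitlines(), 1):
        # Normalise whitespace and drop a leading "hostname(config)# " prompt.
        line = re.sub(r"^\S+\(config\)# ?", "", " ".join(raw.split()))
        if line == "cts sxp enable":
            enabled = True
        if not line.startswith("cts sxp connection peer"):
            continue
        peers += 1
        m = PEER_RE.match(line)
        if m is None:
            findings.append((n, "does not match the documented syntax"))
            continue
        for key in ("peer", "source"):
            if m[key]:
                try:
                    ipaddress.ip_address(m[key])
                except ValueError:
                    findings.append((n, f"{key} is not an IPv4/IPv6 address"))
        if m["password"] == "none":
            findings.append((n, "password none: no authentication key"))
        if m["source"]:
            findings.append((n, "explicit source set; guide recommends route/ARP lookup"))
        if m["role"] is None:
            findings.append((n, "speaker/listener keyword missing"))
    if peers and not enabled:
        findings.append((0, "peers defined but 'cts sxp enable' is absent"))
    return findings
```

Call audit_sxp() with the text of a saved configuration; an empty list means no findings, and audit_sxp(SAMPLE) reports lines 3, 4 and 5 of the constructed sample.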
Cisco ASA Series Firewall CLI Configuration Guide
Guidelines for Cisco TrustSec