Cisco ASA Series Cli Configuration Manual page 919

Chapter 1 Configuring the ASA to Integrate with Cisco TrustSec
To configure SXP, perform the following steps:
Command
Step 1
hostname(config)# cts sxp enable
Step 2
hostname(config)# cts sxp default source-ip
ipaddress
Example:
hostname(config)# cts sxp default source-ip
192.168.1.100
Step 3
hostname(config)# cts sxp default password [0 | 8]
password
Example:
hostname(config)# cts sxp default password 8
IDFW-TrustSec-99
Configuring the ASA for Cisco TrustSec Integration
Purpose
If necessary, enables SXP on the ASA. By default,
SXP is disabled.
In multi-context mode, enabling SXP is done in the
user context.
Configures the default source IP address for SXP
connections.
Where ipaddress is an IPv4 or IPv6 address.
When you configure a default source IP address for
SXP connections, you must specify the same address
as the ASA outbound interface. If the source IP
address does not match the address of the outbound
interface, SXP connections will fail.
When a source IP address for an SXP connection is
not configured, the ASA performs a route/ARP
lookup to determine the outbound interface for the
SXP connection. See Adding an SXP Connection
Peer, page 1-17 for information about configuring a
default source IP address for all SXP connections.
Configures the default password for TCP MD5
authentication with SXP peers. By default, SXP
connections do not have a password set.
Configuring an encryption level for the password is
optional. If you configure an encryption level, you
can only set one level:
•
Level 0—unencrypted cleartext
•
Level 8—encrypted text
Where password specifies an encrypted string up to
162 characters or an ASCII key string up to 80
characters.
Cisco ASA Series CLI Configuration Guide
1-15