Cisco Trust Agent (CTA) is a software agent that gathers information about certain software installed on the host (such as, Antivirus software level and definition level, Windows update level and others) and sends this off to a ACS server, which then talks to a policy servers (which include, for instance, Trnd Micro Officescan with it's aaosicatied policy server for NAC). CTA is a primary component of Network Admission Control (NAC). NAC can be deployed in several different ways, but comes in two major forms: NAC Framework and NAC Appliance. The basic idea of NAC is to prevent/limit network access to hosts that do not meet a company's anti-virus and update posture.
Cisco Security Agent (CSA) is a complex Agent that is installed on a client from a central management system (VMS Basic with CSA module at a minimum - but I might be out of date on that bit). Within the central management system, you define malicious and non-malicious actions specific to one's own network. The CSA agent, when deployed, will then permit a host to perform certain actions and then deny others based upon the policy's that a system administrator defines. It has some default settings, but one should change these fairly quickly to make sure that you are getting the best out of this product. However, it is most important that this is configured correctly, as it is very easy to completely lock yourself out of all your systems if not careful. That is why many are going to professional services companies to deploy it for them and train administrators on cetain configuration options to maintain the system ongoing. CSA does not quarantine a host (like CTA within a NAC deployment would), but it prevents certain actions from being carried out within a network at source.
Hope that helps. Any other questions, let us know.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :