Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ASA CX TrustSec support


Unfortunately the ASA CX Module (unlike the ASA itself) currently does not seem to support TrustSec (SXP, SGT).


Does ASA CX work with the Cisco Identity Services Engine for identity enforcement?


A. Not with the current release. Currently, ASA CX uses the Cisco AD agent, which is a component of the Identity Services Engine, for identification. The AD agent tracks all users who are logged into the network and maps the source IP addresses. In a future release, ASA CX will also support access control based on TrustSec tags."

Does anybody from Cisco have an indication on when this feature will be supported, and if it will be supported on Software CX Module Devices (e.g. ASA5512-X).

I find it disappointing that this feature is lacking in the area where it seems most needed. Is there currently no way the CX Module itself can differentiate between flows with different SGTs?

I would appreciate a speedy reply.

Thanks in advance!

Hall of Fame Super Silver

ASA CX TrustSec support

Roadmap information such as this is only shared under non-disclosure and is not available in a public forum.

I would imagine it's not in the early CX release because these are positioned as primarily Internet edge devices and very few customers are using SGT at all as of yet - and very very few are using it at the edge.

CreatePlease login to create content