This document describes how to configure an SXP (Security Group Exchange Protocol) connection between ISE (Identity Services Engine) and an ASAv (virtual Adaptive Security Appliance).
SXP is the SGT (Security Group Tag) Exchange Protocol used by TrustSec to propagate IP-to-SGT mappings to TrustSec devices. SXP was developed so that networks that include third-party devices or legacy Cisco devices which do not support SGT inline tagging can still have TrustSec capabilities. SXP is a peering protocol: one device acts as a Speaker and the other as a Listener. The SXP speaker is responsible for sending the IP-SGT bindings, and the listener is responsible for collecting these bindings. The SXP connection uses TCP port 64999 as the underlying transport protocol and MD5 for message integrity/authenticity.
SXP has been published as an IETF Draft at the following link: