Beginner

ASAs, CWS and CDAs

Hi,

 

I'm looking for answers on the setup and operation of the ASAs, CWS and CDAs.

  • Do the CDAs support multiple ADs or AD Trusts?
  • Do the ASAs support LDAP lookups to multiple ADs/Trusts?

  • Once running, how often do the ASAs query the ADs for group membership?
  • Does the ASA send the full group membership + username to the CWS for every web request from a client?

Thanks

 

Stuart

 

 

Cisco Employee

CDA can support up to 80 domain controller machines, and can internally cache up to 64,000 IP-to-user-identity mappings. It supports up to 100 Identity consumer devices. CDA processes 1000 IP-to-user-identity mappings per second (input and output). [source]

CDA supports multiple domains. [source]

Upon startup, CDA reads a time-based window (history) of users that are already logged in. After CDA is up and running, it monitors and retrieves user logins in real time. [source] (The monitoring is continuous.)

ASA performs the group lookup if a userID is detected that does not yet have a group membership mapped, and updates the group mappings within eight hours (default, configurable). [source] It is best practice to configure the ASA for the specific groups to map to avoid exposing too much detail.

ASA encrypts the source IP, userID, and group membership, and appends these details as encrypted headers to every web request.
