Solved: Cisco ASA-55xx NG IDFW CDA Alternative

Mohammed Islam · ‎04-17-2019

Hi All,

I am looking to implement IDFW on the network using Cisco ASA 55xx NG appliances. I understand the Context Directory Agent is not supported on ESXi 5.5 upwards and also potential support issues with Windows 2012 too. Looking at the download section it seems the CDA has not had any development since 2014. My question is;

1. What is the alternative to CDA to provide IDFW on the ASA-55xx NG's - ISE/ISE-PICS?

2. If ISE/ISE-PICS - can someone provide me some documents around it as I cannot find anything in relation to ASA 55xx NG's

Thanks in advance!

Mo

Timothy Abbott · ‎04-17-2019

IDFW on ASA still requires CDA. There has been a recent patch for CDA published to support up to Windows 2016. ISE / ISE-PIC does not currently support the sharing of identity information to ASA as it lacks the CDA RADIUS interface it requires.

Regards,

-Tim

View solution in original post

Timothy Abbott · ‎04-17-2019

IDFW on ASA still requires CDA. There has been a recent patch for CDA published to support up to Windows 2016. ISE / ISE-PIC does not currently support the sharing of identity information to ASA as it lacks the CDA RADIUS interface it requires.

Regards,

-Tim

Mohammed Islam · ‎04-18-2019

But the CDW is not maintained any longer and has not been for a good 3-4 years..

Additionally, CDA is not supported on ESXi 5.5 above and I believe there are support issues with Windows 2012/2016.

I had raised a TAC case in too and they have confirmed ISE can do IDFW with ASA 55xx?

Mohammed Islam · ‎04-18-2019

But the CDW is not maintained any longer and has not been for a good 3-4 years..

Additionally, CDA is not supported on ESXi 5.0 and above and I believe there are support issues with Windows 2012/2016.

I had raised a TAC case too and they have confirmed ISE can do IDFW with ASA 55xx?