01-07-2014 08:38 AM - edited 03-11-2019 08:26 PM
I want to deploy ASA 5515 CX with CDA is there any deploying guid to perform this.
01-07-2014 10:39 AM
CDA Install Guide
http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_install.html
CDA Configuration Guide
http://www.cisco.com/en/US/docs/security/ibf/cda_10/Install_Config_guide/cda_wrkng.html
CX Configuration Guide
01-15-2014 02:31 AM
hello all,
did you deploy the asacx with CDA? what experience?
i'm testing this configuration now. If you will read all guides mentioned above by Collin, you should properly configure asacx to passive user authentication with CDA.
the most things you have to do on m$ AD controller (especially if you want to use non admin account), CDA installation and configuration is quite straightforward. ASA CX configuration to use CDA is also simple. In configuring M$ i noticed, that although we had filrewall rule to accept wmi traffic active, we had to explicit allow tcp traffic from CDA.
CDA maps users to IP correctly if one user is logged to the machine. If two or more users are logged to the machine - CDA maps only last logged user, so if user A has a deny all policy and logs to the machine, and another user B with policy permit all logs to the same machine after user A - the policy probably will permit traffic from user A also - because in CDA mappings table will be record with mapping machine ip to only one user. Of course if user A would be logged to several different machines - several mappings (ip addresses) appears in cda table to this user. That behavior we observed in our test.
Also we noticed, that access policy which we build using as source user object - doesn't work when we using passive authentication with CDA. The logging traffic and showing which user what do works ok in this configuration.
The active authentication we didn't check yet.
version of our test asa cx is
Cisco ASA CX Platform 9.2.1.1 (48)
Best regards,
Maciek
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide