If you are planning on doing Dynamic PAT to the ASA "inside" interfaces from the Branch Offices networks then you wont be able to initiate connections to the Branch Office. Only the Branch Office can initiate connections since its the network which is PATed towards the "inside".
If you needed to initiate connections in both directions then you would eventually run into the situation that you would have to allocate a mapped address subnet to which you could NAT the Branch Offices and this in turn would mean the same thing as just doing no NAT as you would still had to route the mapped subnet towards the ASA.
To do Dynamic PAT for the Branch Offices while they are connecting to the server site I think the NAT configuration might have to look something like this
IntroductionComponentsISE ConfigurationEnd user perspective and Validation
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM ...
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense.