Buy or Renew
Buy or Renew
ATTENTION: We are currently working an issue with posting. Thank you for your patience while we work on a resolution.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1796
Views
0
Helpful
4
Replies

Firepower 2120 with ASA - Identity Firewall with CDA errors

Go to solution
gugonza2
Cisco Employee
Cisco Employee

‎03-13-2019 02:19 AM

Hi Team,  I´ll appreciate your help in the following case;

 

The customer is evaluating the replacement of old CheckPoint Firewalls and they are considering ASA.

They ASA systems in production in other departments and they would like to replace the CheckPoints with ASA.

 

In the evaluation, they need to activate the Identity Firewall option.

As a first point, in the ASA manuals the description appears with "AD Agent", which is EoL and is replaced by the CDA.

 

The customer needs to perform the test and they would like to have some documentation with Step-by-Step configuration.

 

We have tried to perform a test in the Lab with the latest CDA image with its latest patches (CDA 1.0.0.011 and patches 1 -> 6), an Active Directory based on Windows 2016 and an ASA 9.10. 

There are problems with the CDA and the Active Directory, in the logs of the CDA we have the following error: "ADObserver: Error Querying for WMI property".

We found some reports about permissions and Registry Keys in AD but we still have the error.

 

- Any procedure for this configuration?

- Any comments or suggestions to configure the CDA with AD 2016 and ASA 9.10?

 

Thanks in Advance,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎03-13-2019 05:07 AM - edited ‎03-13-2019 05:08 AM

After Posting my Last post, just want to take update of the product since long i have not seen that page, just visited the site  and Latest Update on the CDA.

 

Found that Windows 2016 is listed there as supported version :

https://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_install.html#35885

 

Suggesting - ISE-PIC (its time for me to put in my list to test again)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
4 Replies 4

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎03-13-2019 05:00 AM

Tested some time back in the LAB with below Video that works as expected.

 

https://www.youtube.com/watch?v=l1vspZXtCjw

http://www.labminutes.com/sec0146_asa_cx_context_directory_agent_installation

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎03-13-2019 05:07 AM - edited ‎03-13-2019 05:08 AM

After Posting my Last post, just want to take update of the product since long i have not seen that page, just visited the site  and Latest Update on the CDA.

 

Found that Windows 2016 is listed there as supported version :

https://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_install.html#35885

 

Suggesting - ISE-PIC (its time for me to put in my list to test again)

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
gugonza2
Cisco Employee
Cisco Employee
In response to balaji.bandi

‎03-14-2019 12:31 AM

Thx Balaji,

 

The information on videos was very helpful.

I was finally able to make it work.

 

Is there any issue reported with Windows 2016 ?   now in Lab is working but is a very simple test.

 

Thanks.

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to gugonza2

‎03-14-2019 01:24 AM

To be honestly i have not tried, i may be building 2019 soon i will test that time 2016 (since we dont have requirement of 2016 / 2019) so not tried. please feel free to post your comments, and your welcome to offer any solution.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card