
Purpose of CDA with ASA

abhijith891
Level 1
I am a bit confused as to why we use CDA with ASA. As per my understanding, CDA acts as a bridge between AD and ASA so that the appropriate policies can be pushed to the user when he/she logs in. My question is: Is it not possible to establish a direct relationship between ASA and AD? Also, I read somewhere that LDAP is used to build an additional connection between ASA and AD so that ASA can do filtering based on a particular group. If this is the case, can't we use LDAP to integrate AD with ASA for user control?

Bogdan Nita
VIP Alumni

CDA is actually a machine that reads syslog messages from the DC in order to map IP to usernames. It can do the same thing for ISE or ACS. It does not get the group membership for users, and because of that a separate connection has to be built between the ASA and DC, but IP user mapping can't be sent over this connection.

Sure, this functionality could have been built into the ASA, but it was not; maybe not all ASA platforms could support the extra load, or maybe it was so that CDA could be used with other products as well.

 

HTH

Bogdan
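
The split described in the reply above, as an added example that is not part of the original post and is not Cisco code: one source supplies IP-to-user mappings, a separate directory lookup supplies group membership, and a per-user policy decision needs both. The record format, group data, allowed groups and timeout are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data (not real CDA or DC output): simplified logon records.
LOGON_EVENTS = [
    "2024-05-01T09:00:00 user=alice ip=10.1.1.20",
    "2024-05-01T09:05:00 user=bob ip=10.1.1.21",
    "2024-05-01T13:30:00 user=carol ip=10.1.1.20",  # same IP, later logon
]
# Constructed group membership, standing in for the separate LDAP lookup.
GROUPS = {"alice": {"Engineering"}, "bob": {"Contractors"}, "carol": {"Finance"}}
# Hypothetical policy: groups allowed to reach the protected destination.
ALLOWED_GROUPS = {"Engineering", "Finance"}
# Assumed lifetime of a mapping before it is treated as stale.
MAPPING_TTL = timedelta(hours=8)


def build_ip_user_map(lines):
    """Source 1: IP -> (user, last logon time). The latest logon per IP wins."""
    mapping = {}
    for line in lines:
        ts, user_field, ip_field = line.split()
        when = datetime.fromisoformat(ts)
        user = user_field.split("=", 1)[1]
        ip = ip_field.split("=", 1)[1]
        if ip not in mapping or when >= mapping[ip][1]:
            mapping[ip] = (user, when)
    return mapping


def decide(src_ip, now, mapping, groups=GROUPS):
    """Join source 1 (IP -> user) with source 2 (user -> groups)."""
    entry = mapping.get(src_ip)
    if entry is None:
        return "deny: no user mapped to IP"
    user, seen = entry
    if now - seen > MAPPING_TTL:
        # A stale mapping may describe someone who no longer holds this IP.
        return "deny: mapping expired"
    if groups.get(user, set()) & ALLOWED_GROUPS:
        return f"permit: {user}"
    return f"deny: {user} not in an allowed group"


if __name__ == "__main__":
    m = build_ip_user_map(LOGON_EVENTS)
    for ip in ("10.1.1.20", "10.1.1.21", "10.1.1.99"):
        print(ip, "->", decide(ip, datetime(2024, 5, 1, 14, 0), m))
```

Neither source is enough alone: group data says nothing about which IP a user is on, and the IP mapping carries no group information.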
