
Cisco CDA Identity Firewall configuration example


Cisco Context Directory Agent Identity Firewall configuration example.

Lab using CDA 1.0.0.011 – patch 1 -> 6

 

 

Guillermo González

GVE VSE Security

gugonza2@cisco.com

 

 

NOTE:

This document explains, with notes and screenshot sequences, how to configure the “Identity Firewall” features using a Cisco firewall based on ASA software and the Cisco Context Directory Agent.

 

 

Goal

Install and configure a lab for testing “Identity Firewall” using Context Directory Agent (CDA) with Active Directory and ASAv.

 

With Identity Firewall, we can configure access lists that allow or restrict access based on users and/or groups that exist in the Active Directory domain.

 

Documentation

 

This example was implemented with the aid of the following documents:

 

Installation and Configuration Guide for CDA, release 1.0:

https://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_install.html

 

CLI Book 2:  Cisco ASA Series Firewall CLI Configuration Guide 9.10:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config.html

 

ASDM Book 2:  Cisco ASA Series Firewall ASDM Configuration Guide, 7.10:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/asdm710/firewall/asdm-710-firewall-config.html

 

 

Lab Environment

 

  • CDA version 1.0.0.011 with all patches installed (1 -> 6).
  • ASAv version 9.10
  • Windows Server 2016 with DNS, DHCP and Active Directory Roles installed and configured.
  • Windows 10 as client stations.

 

This lab was installed and configured using VMware Fusion 10.1.5 as the virtual platform.

 

Lab Schema

[Figure: CDA Lab – Network Schema.]