Cisco Context Directory Agent Identity Firewall configuration example.
Lab using CDA 1.0.0.011 – patch 1 -> 6
Guillermo González
GVE VSE Security
gugonza2@cisco.com
NOTE:
This document explains, with notes and screenshot sequences, how to configure the “Identity Firewall” feature on a Cisco firewall running ASA software together with the Cisco Context Directory Agent.
Goal
Install and configure a lab for testing “Identity Firewall” using the Context Directory Agent (CDA) with Active Directory and ASAv.
With Identity Firewall, we can configure access lists that allow or restrict access based on users and/or groups that exist in the Active Directory domain.
Documentation
This example was implemented with the aid of the following documents:
Installation and Configuration Guide for CDA, release 1.0:
https://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_install.html
CLI Book 2: Cisco ASA Series Firewall CLI Configuration Guide 9.10:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/configuration/firewall/asa-910-firewall-config.html
ASDM Book 2: Cisco ASA Series Firewall ASDM Configuration Guide, 7.10:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa910/asdm710/firewall/asdm-710-firewall-config.html
Lab Environment
- CDA version 1.0.0.011 with all patches installed (1 -> 6).
- ASAv version 9.10.
- Windows Server 2016 with DNS, DHCP and Active Directory Roles installed and configured.
- Windows 10 as client stations.
This lab was installed and configured using VMware Fusion 10.1.5 as the virtualization platform.
Lab Schema
CDA Lab – Network Schema.