Security

The video demonstrates Cisco ASA CX ability to perform application matching beyond just protocols and ports by using Application Visibility and Control (AVC) feature. You will see how to deploy access policy at ease without worrying about being circumvented by application running on non-default port, or even those that sprawl multiple dynamic ports. This intelligence take you as far as matching based on a group of application by type, and specific application behavior. All of these will be demonstrated through three applications; RDP, Bittorrent, and Facebook, in this lab.

The video shows you how to configure Cisco ASA CX to gain visibility to encrypted traffic by enabling decryption capability. We will first used a self-signed certificate and present a problem of certificate warning. We will then try to resolve this by having the certificate signed by a client trusted CA. Most importantly you will get to see what user experience is like when the CX inserts itself in between HTTPS transactions.  

The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.

The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.

The video shows you the second method of obtaining user identity on Cisco ASA CX using Passive Authentication. We will leverage the User-to-IP mapping information provided by CDA by configuring CX device as a consumer. Once the mapping information is available to CX, minor modification will be performed on the Identity Policy and you will see how users are saved from having to enter their credentials as we saw in the Active Authentication. We will also discuss and demonstrate some caveats to this method towards the end of the lab.