cx

The video demonstrates Cisco ASA CX ability to perform application matching beyond just protocols and ports by using Application Visibility and Control (AVC) feature. You will see how to deploy access policy at ease without worrying about being circumvented by application running on non-default port, or even those that sprawl multiple dynamic ports. This intelligence take you as far as matching based on a group of application by type, and specific application behavior. All of these will be demonstrated through three applications; RDP, Bittorrent, and Facebook, in this lab.

The video shows you how to configure Cisco ASA CX to gain visibility to encrypted traffic by enabling decryption capability. We will first used a self-signed certificate and present a problem of certificate warning. We will then try to resolve this by having the certificate signed by a client trusted CA. Most importantly you will get to see what user experience is like when the CX inserts itself in between HTTPS transactions.  

The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.

The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.

The video shows you the second method of obtaining user identity on Cisco ASA CX using Passive Authentication. We will leverage the User-to-IP mapping information provided by CDA by configuring CX device as a consumer. Once the mapping information is available to CX, minor modification will be performed on the Identity Policy and you will see how users are saved from having to enter their credentials as we saw in the Active Authentication. We will also discuss and demonstrate some caveats to this method towards the end of the lab.

The video walks you through an installation of Cisco Context Directory Agent (CDA) server. We will start by prepping a non-domain admin service account for CDA to use to contact Windows Active Directory. We will then step through a virtual machine creation, software installation and patching. We will also spend some time on the CDA web interface. By the end of the lab, we will be able to have CDA monitor user AD login activities and create user-to-IP mapping information that we will leverage in the future videos. 

The video shows you the first method of obtaining user identity on Cisco ASA CX using Active Authentication. We will integrate CX with Windows Active Directory to perform user authentication as well as user group query. We will redo our access policies from the previous lab and replace the source IP subnet with AD user group. This would be our first step towards identity-based access policies and free ourselves from the use of just IP addresses. 

The video shows you the first method of obtaining user identity on Cisco ASA CX using Active Authentication. We will integrate CX with Windows Active Directory to perform user authentication as well as user group query. We will redo our access policies from the previous lab and replace the source IP subnet with AD user group. This would be our first step towards identity-based access policies and free ourselves from the use of just IP addresses. 

The video introduces you to concepts on Policy Set, Policies, and Object which are basic building blocks of Cisco ASA CX. To help you get familiarized with CX configuration process, we will start with basic access policies by allowing and denying traffic based on L3/L4 information. You will get to see various object types as well as a more advance feature of bandwidth rate limit. We will be focusing on two application services; RDP and HTTP, in this lab.

The video takes you through the user interface of Cisco Prime Security Manager (PRSM) server; first CLI and then web. The goal is to make you comfortable with navigating around menu options whether they are for configuration or logging and reporting. We will cover most of them at high level as we leave all the detail configuration in future videos as we focuses at each of the individual features.