You are here
SEC0148 - ASA CX Passive Authentication with ISE (Part 2)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.
Part 2 of this video performs access policy testing and analyzes packet captures
Topic:
- CX Passive Authentication
- CDA Syslog Client
- ISE Log Target and Categories
- 802.1x Wired/Wireless Authentication and RADIUS Accounting
- Windows 7 Domain and Non-Domain Computer, and iPhone
- Wireshark Packet Analysis
- Roaming Uers
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.