authentication

The video shows you how to leverage an existing Active Directory database for administrative user login on Cisco ASA FireSight System. We will go through configuration of LDAP integration, and usergroup-to-role mapping. You will be able to limit access to FireSight web interface based on your user job function.

The video shows you how to configure Cisco ASA CX to enforce Active Authentication and apply the same decryption and access policies to the remote VPN user so they can have the same user experiences as those locating inside the network. We will perform additional traffic restriction based on client operating system using information provided by Cisco AnyConnect client, as well as user browser type using User Agent attribute.  

The video shows you how to configure Cisco ASA CX to enforce Active Authentication and apply the same decryption and access policies to the remote VPN user so they can have the same user experiences as those locating inside the network. We will perform additional traffic restriction based on client operating system using information provided by Cisco AnyConnect client, as well as user browser type using User Agent attribute.  

The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.

The video provide a method to enhance reliability of Cisco ASA CX Passive Authentication by integrating Cisco ISE with CDA. You will see how the caveats inherent to CDA can be solved by using realtime user and IP information provided by 802.1x identity-based authentication network. We will analyze RADIUS packets being communicated between Cisco ISE and CDA to try to understand the underlying mechanism. Testing will be performed on both domain and non-domain devices, that have been onboarded through ISE, and this includes both wired and wireless.

The video shows you the second method of obtaining user identity on Cisco ASA CX using Passive Authentication. We will leverage the User-to-IP mapping information provided by CDA by configuring CX device as a consumer. Once the mapping information is available to CX, minor modification will be performed on the Identity Policy and you will see how users are saved from having to enter their credentials as we saw in the Active Authentication. We will also discuss and demonstrate some caveats to this method towards the end of the lab.

The video shows you the first method of obtaining user identity on Cisco ASA CX using Active Authentication. We will integrate CX with Windows Active Directory to perform user authentication as well as user group query. We will redo our access policies from the previous lab and replace the source IP subnet with AD user group. This would be our first step towards identity-based access policies and free ourselves from the use of just IP addresses. 

The video shows you the first method of obtaining user identity on Cisco ASA CX using Active Authentication. We will integrate CX with Windows Active Directory to perform user authentication as well as user group query. We will redo our access policies from the previous lab and replace the source IP subnet with AD user group. This would be our first step towards identity-based access policies and free ourselves from the use of just IP addresses. 

The video demonstrates a process of enabling MD5 authentication for LDP session on Cisco router. There are usually two ways to accomplish this and those are configuring it at the global level as a default authentication for all LDP neighbors, or at the per-neighbor level. You also have a option to tie an authentication to multiple key-chains for even more flexibility. All of these will be covered in this video.

The video covers some BGP miscellaneous features on Cisco router that do not really have a topic of their own. This includes private AS removal, local AS, allow AS, BGP timer, and MD5 authentication. Some of these features are more frequently used than the other but it is recommended to understand all of them especially if you are studying for certification.