Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
0
Helpful
1
Replies

Questions about Context Directory Agent.

ilukeberry
Level 1
Level 1

‎09-11-2014 04:10 AM - edited ‎02-21-2020 05:16 AM

Hi

I am thinking about implementing CDA server in our company. We currently have 25 users, 2 Domain Controllers and Cisco ASA 5515-X-IPS-k9 firewall.

So far i've implemented VPN AnyConnect authentication via LDAP + 2FA for VPN. I've setup IPS only in IDS mode so far.

I have the following questions what will happen when i setup Context Directory Agent in our infrastructure:

1. What happens when some guest comes to our company and plugs his laptop into our network and he is NOT our domain user? How does Cisco CDA act then? Does it ignore it or what?

2. We have some outsource people who work for us. They connect via VPN AnyConnect and they have domain user account. I understand CDA is mapping IP to username in AD. So here is one scenario:

- outsource user connects to our VPN and types his domain user credentials then  connects to our network and gets IP from VPN Pool eg.: 10.0.1.2 (CDA then maps this IP to that username?)

- That user then does RDP to one of our servers he again authenticates with his domain user credentials on that server which has IP eg.: 10.0.0.40 (CDA then maps this IP to username?)

Thank you for all the answers !

0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-14-2014 07:58 PM

1. No domain login = no CDA record of the event

2a &b. Not sure on these. I'm pretty sure b is "no" but that's based on how it was described to me by Cisco not first-hand observation.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card