Cisco Support Community
Community Member

Questions about Context Directory Agent.


I am thinking about implementing a CDA server in our company. We currently have 25 users, 2 Domain Controllers and a Cisco ASA 5515-X-IPS-k9 firewall.

So far I've implemented VPN AnyConnect authentication via LDAP + 2FA for VPN. I've set up IPS only in IDS mode so far.

I have the following questions about what will happen when I set up Context Directory Agent in our infrastructure:

1. What happens when some guest comes to our company and plugs his laptop into our network and he is NOT our domain user? How does Cisco CDA act then? Does it ignore it or what?

2. We have some outsourced people who work for us. They connect via VPN AnyConnect and they have domain user accounts. I understand CDA is mapping IP to username in AD. So here is one scenario:

- An outsourced user connects to our VPN and types his domain user credentials, then connects to our network and gets an IP from the VPN pool, e.g.: (CDA then maps this IP to that username?)

- That user then does RDP to one of our servers; he again authenticates with his domain user credentials on that server, which has an IP, e.g.: (CDA then maps this IP to username?)

Thank you for all the answers!

Hall of Fame Super Silver

1. No domain login = no CDA record of the event

2a & b. Not sure on these. I'm pretty sure b is "no", but that's based on how it was described to me by Cisco, not first-hand observation.
