ASA

I have recently started looking into Cisco AnyConnect Secure Mobility, despite its existence for over a year now, to find out what features it has to offer as part of Cisco SSL VPN solution. My first misconception was, in order to use these features, the AnyConnect Secure Mobility license is required. As it turns out, there are some nice features that are available even without such license, and better yet, work with just AnyConnect Essential license, which, nowadays, is a more popular choice due to its cost effectiveness for those that do not need the add-ons of the clientless SSL VPN or Cisco Secure Desktop.

Two-factor authentication has become a requirement in many organizations in order to be in compliance of certain industrial regulations. When speaking of a two-factor authentication, RSA SecureID is usually one of the first products that come to mind. However, due to its cost, many companies have been offering cheaper alternatives, and one of those products is Digipass/Identikey Server by Vasco.

We have seen, in my last article, the Cisco ASA identity firewall in action, and its fundamental capabilities. We were able to successfully deploy the AD agent, and have the ASA integrated with both Active Directory (for user group download), and AD agent (for user-to-IP mapping). At the end of the lab, I was still uncertain on how well it will perform in a production environment and whether there might be more caveats in a deployment, at least in the current version of code 8.4(2). In an effort to answer these questions, I went back to the ASA configuration guide and came up with a few more lab scenarios.

Last week, I had an opportunity to sit in on a Security presentation given by Cisco at PBM. There was a mention on the recent release of 8.4(2) code, and one of the features that caught my attention was Identity Firewall. This is something that other firewall vendors like Palo Alto have already been doing so I was curious to see how it works on the Cisco ASA.