EasyManuals Logo

Cisco ASA 5508-X Configuration Guide

Cisco ASA 5508-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #151 background imageLoading...
Page #151 background image
8-15
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 8 ASA and Cisco Cloud Web Security
Examples for Cisco Cloud Web Security
Number of HTTP connections dropped because of errors: 0
Number of HTTPS connections dropped because of errors: 0
show conn scansafe
Shows all Cloud Web Security connections, as noted by the capitol Z flag.
You can determine if a user’s traffic is being redirected to the proxy servers by accessing the following
URL from the client machine. The page will show a message indicating whether the user is currently
using the service.
http://Whoami.scansafe.net
Examples for Cisco Cloud Web Security
Following are some examples for configuring Cloud Web Security.
Cloud Web Security Example with Identity Firewall, page 8-15
Active Directory Integration Example for Identity Firewall, page 8-17
Cloud Web Security Example with Identity Firewall
The following example shows a complete configuration for Cisco Cloud Web Security in single context
mode, including the optional configuration for identity firewall.
Step 1 Configure Cloud Web Security on the ASA.
hostname(config)# scansafe general-options
hostname(cfg-scansafe)# server primary ip 192.168.115.225
hostname(cfg-scansafe)# retry-count 5
hostname(cfg-scansafe)# license 366C1D3F5CE67D33D3E9ACEC265261E5
Step 2 Configure identity firewall settings.
Because groups are a key feature of ScanCenter policies, you should consider enabling the identity
firewall if you are not already using it. However, identity firewall is optional. The following example
shows how to define the Active Directory (AD) server, the AD agent, configure identity firewall settings,
and enable the user identity monitor for a few groups.
aaa-server AD protocol ldap
aaa-server AD (inside) host 192.168.116.220
server-port 389
ldap-base-dn DC=ASASCANLAB,DC=local
ldap-scope subtree
ldap-login-password *****
ldap-login-dn cn=administrator,cn=Users,dc=asascanlab,dc=local
server-type microsoft
aaa-server adagent protocol radius
ad-agent-mode
aaa-server adagent (inside) host 192.168.116.220
key *****
user-identity domain ASASCANLAB aaa-server AD
user-identity default-domain ASASCANLAB
user-identity action netbios-response-fail remove-user-ip
user-identity poll-import-user-group-timer hours 1
user-identity ad-agent aaa-server adagent
user-identity user-not-found enable
user-identity monitor user-group ASASCANLAB\\GROUP1

Table of Contents

Other manuals for Cisco ASA 5508-X

Preview: Manual
Manual14 pages
Preview: Easy Setup Guide
Easy Setup Guide11 pages
Preview: Hardware Installation Guide
Hardware Installation Guide32 pages
Preview: Mount And Connect
Mount And Connect6 pages
Preview: Quick Start Guide
Quick Start Guide8 pages
Preview: Software Guide
Software Guide37 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5508-X and is the answer not in the manual?

Cisco ASA 5508-X Specifications

General IconGeneral
Maximum VPN Sessions250
Power SupplyInternal
IPsec VPN Throughput250 Mbps
USB 2.01
Memory4 GB
Flash Memory8 GB
AC Input100-240 VAC
VPN Throughput250 Mbps
Maximum VLANs100
Operating Temperature32 to 104°F (0 to 40°C)
Storage Temperature-13 to 158°F (-25 to 70°C)
Ports8 x 1GE
Security Contexts2
New Connections per Second20, 000
Management Interface1 x GE
Frequency50-60 Hz
New Sessions per Second20, 000
Humidity5% to 95% non-condensing

Related product manuals