Cisco Cisco ScanSafe Web Security White Paper
Cisco CWS
– ASA 5500 Deployment Guide
13
Test
Deploy
Prepare
User not found tracking allows the ASA to cache erroneous users for better performance.
MAC address mismatch defines the action to take when a MAC address is found to be inconsistent with
the mapped IP address, allowing the ASA to maintain an accurate username-to-IP-address mapping.
the mapped IP address, allowing the ASA to maintain an accurate username-to-IP-address mapping.
Active-user-database full-download specifies that the ASA will receive a complete user to IP address
mapping database rather than on-demand updates, increasing overall performance.
mapping database rather than on-demand updates, increasing overall performance.
Finally, for each group that is used in the web filtering policy, a complimentary monitor user-group
configuration must be added. This specifies which groups the ASA will query for to determine if the web
requestor is a member of said group.
configuration must be added. This specifies which groups the ASA will query for to determine if the web
requestor is a member of said group.
Figure 2.17
From the test machine, verify that you are using the Cloud Web Security service but user identity is still
not configured by browsing to
not configured by browsing to
Then apply the user identity configuration to the ASA.
Figure 2.18
Recall that the CDA receives logon notifications from a domain controller. Therefore, to ensure that the
test machine will be properly resolved, log off and log back in.
test machine will be properly resolved, log off and log back in.
Once the test machine is back up, browse to
properly resolved.
Figure 2.19