Cisco Systems ASA 5580 Manual De Usuario

On the Cloud Web Security side, you must purchase a Cisco Cloud Web Security license and identify 
the number of users that the ASA handles. Then log into ScanCenter, and generate your authentication 
keys.

To send user identity information to Cloud Web Security, configure one of the following on the ASA:

AAA rules (username only)—See 

IDFW (username and group)—See 

 in the general 

operations configuration guide.

If you use FQDNs in ACLs for your service policy rule, or for the Cloud Web Security server, you must 
configure a DNS server for the ASA according to the 

 in the general operations configuration guide.

Supported in single and multiple context modes.

In multiple context mode, the server configuration is allowed only in the system, and the service policy 
rule configuration is allowed only in the security contexts.

Each context can have its own authentication key, if desired.

Supported in routed firewall mode only. Does not support transparent firewall mode.

Does not support IPv6. See the 

.

Cloud Web Security is not supported with ASA clustering.

Clientless SSL VPN is not supported with Cloud Web Security; be sure to exempt any clientless SSL 
VPN traffic from the ASA service policy for Cloud Web Security.

All models

Strong Encryption (3DES/AES) License to encrypt traffic between the security appliance and the 
Cloud Web Security server.