Cisco ASA 5520 Adaptive Security Appliance Technical Manual

Contents
Introduction
Prerequisites
Requirements
Components Used
Configure
Network Diagram
FirePower
FireSight Management Center (Defence Center)
Access Control Policy
ISE Remediation Module
Correlation Policy
ASA
ISE
Configure Network Access Device (NAD)
Enable Adaptive Network Control
Quarantine DACL
Authorization Profile for Quarantine
Authorization Rules
Verify
AnyConnect Initiates ASA VPN Session
User Attempts Access
FireSight Correlation Policy Hit
ISE Performs Quarantine and Sends CoA
VPN Session is Disconnected
VPN Session with Limited Access (Quarantine)
Troubleshoot
FireSight (Defence Center)
ISE
Bugs
Related Information
Related Cisco Support Community Discussions
Introduction
This document describes how to use the remediation module on a Cisco FireSight appliance in
order to detect attacks and automatically remediate the attacker, with the Cisco Identity
Services Engine (ISE) acting as the policy server. The example in this document covers
remediation of a remote VPN user who authenticates via the ISE, but the same method
can also be used for an 802.1x/MAB/WebAuth wired or wireless user.
Note: The remediation module that is referenced in this document is not officially supported
by Cisco. It is shared on a community portal and can be used by anyone. In Versions 5.4