Remote-access Guide

Cisco ASA Clustering Remote Access Design Guide

by Vladimir Hayes Jr. Published 3 years ago Updated 2 years ago

What is Cisco ASA?

The Cisco Adaptive Security Appliance (ASA) is a security appliance that protects corporate networks and data centers. It provides users with highly secure access to data and network resources - anytime, anywhere. Remote users can use the Cisco AnyConnect Secure Mobility Client on their endpoints to securely connect to resources hosted in the Data Center or the Cloud. The Cisco ASA is available in the following form factors:

How to access colocation resources?

Remote workers can access Colo resources by connecting to the Data Center or by connecting directly to the virtual/physical firewalls hosted in the Colo. When the remote user reaches the Colo resource via the Data Center, the additional hop adds latency. It is recommended to access cloud resources directly by terminating a VPN in the cloud.

What is Cisco Umbrella?

The Cisco Umbrella Roaming Security module for Cisco AnyConnect provides always-on security on any network, anywhere, any time — both on and off your corporate VPN. The Roaming Security module enforces security at the DNS layer to block malware, phishing, and command and control callbacks over any port. Umbrella provides real-time visibility into all internet activity per hostname both on and off your network or VPN. License requirement to enable Umbrella Roaming Security Module:

Does Cisco NGFWv support VPN?

Cisco NGFWv does not natively support VPN load balancing; it relies on external DNS-based load balancing or a load balancer.

Is Cisco ASA available in AWS?

Cisco ASA and NGFW firewalls are available in the AWS and Azure marketplaces. These virtual firewalls can be instantiated in the cloud to protect the VPC/vNET and terminate the remote access VPN. Remote workers can terminate IPsec or SSL VPN directly on Cisco ASAv/NGFWv deployed in the public cloud environment to access cloud resources.

What is a secure remote worker?

A secure remote worker is simplified using foundational, access, and business capability groups. Each flow requires the foundational group. Additional business activity risks need appropriate controls, as shown in Figure 5. User and Device capabilities are located where the flow originates, from a remote worker to the data center, cloud, and colocation (Colo). For more information regarding capability groups, refer to the SAFE Overview Guide.

Does AnyConnect have a Duo prompt?

The AnyConnect client does not show the Duo prompt, and instead adds a second password field to the regular AnyConnect login screen where the user enters the word “push” for Duo Push, the word “phone” for a phone call, or a one-time passcode. This configuration does not support IP-based network policies or device health requirements when using the AnyConnect client.
