Skip to main content



Cisco Defense Orchestrator

Onboard an ASA Device

Onboard Procedure

Use this procedure to onboard a live ASA device, not an ASA model, to CDO.

  1. Navigate to the Devices & Services page.
  2. Click Onboard.
  3. Click Add an ASA device.
  4. Give the device a name.
  5. Enter the location (IP address or URL) of the device or service. The default port is 443.

Note: Download and review the TLS certificate before proceeding. When accepted, it will be trusted by the SDC.

  1. Once the location of the device or service is verified, you're prompted to enter the credentials to the device.
  2. Once the credentials are verified, you're prompted to label the device or service. See Labels and Label Groups for more information.
  3. After labeling your device or service, you can view it in the Devices & Services list.

Note: Depending on the size of the configuration and the number of other devices or services, it may take some time for the configuration to be analyzed.


Cannot onboard ASA due to certificate error

Environment: ASA is configured with client-side certificate authentication.

Solution: Disable client-side certificate authentication.

Details: ASAs support credential-based authentication as well as client-side certificate authentication. CDO cannot connect to ASAs that use client-side certificate authentication. Before onboarding your ASA to CDO, make sure it does not have client-certificate authentication enabled by using this procedure:

  1. Open a terminal window and connect to the ASA using SSH.
  2. Enter global configuration mode.
  3. At the hostname (config)# prompt, enter this command: 

no ssl certificate-authentication interface interface-name port 443

The interface name is the name of the interface CDO connects to.

  • Was this article helpful?