Cisco Defense Orchestrator

Connect Cisco Defense Orchestrator to the Secure Device Connector

Connect Cisco Defense Orchestrator to the Cloud SDC

CDO communicates with managed devices and services using the SDC. If your SDC is deployed in the cloud, the devices that CDO manages must allow inbound access on port 443 (or whichever port you have configured for your device management) from the IP addresses listed below for the EMEA region or the United States.

If you are a customer in Europe, the Middle East, or Africa (EMEA), and you connect to Defense Orchestrator at https://defenseorchestrator.eu, allow inbound access from the following IP addresses:

  • 35.157.12.126
  • 35.157.12.15

If you are a customer in the United States, and you connect to Defense Orchestrator at https://defenseorchestrator.com, allow inbound access from the following IP addresses:

  • 52.34.234.2
  • 52.36.70.147

Connect Cisco Defense Orchestrator to the On-premise SDC

If your SDC is deployed on-premise, the devices CDO manages must allow full inbound access on port 443 (or whichever port you have configured for your device management). This is configured using the management access control rule. 

You must also ensure that the virtual appliance running SDC has network connectivity to the management interface of the managed device.

Special Considerations for ASA Management

Specifically, for ASA, the SDC uses the same secure communications channel used by ASDM.

If the ASA under management is also configured to accept AnyConnect VPN Client connections, the ASDM HTTP server port must be changed to a value of 1024 or higher. Note that this port number will be the same port number used when onboarding the ASA device into CDO.

Example ASA Commands

The following examples assume that the ASA outside interface is named 'outside' and an AnyConnect client is configured on the ASA, so the ASDM HTTP server is listening on port 8443.

To allow the SDC IP addresses to reach the ASDM HTTP server through the outside interface, enter the commands for your region:

EMEA:

http 35.157.12.126 255.255.255.255 outside

http 35.157.12.15 255.255.255.255 outside

United States:

http 52.34.234.2 255.255.255.255 outside

http 52.36.70.147 255.255.255.255 outside

To enable the ASDM HTTP server port, in the case where AnyConnect VPN Client is in use, enter this command:

http server enable 8443
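
The following check is an added example, not part of the Cisco documentation: it reads a saved ASA configuration and reports whether the HTTP management settings match the guidance above. The function name, the sample configuration, and the use of an "anyconnect enable" line to detect AnyConnect are assumptions; flagging other sources on the interface is an extra least-privilege review, not a requirement stated on this page.

```python
import ipaddress

# SDC source addresses listed on this page, keyed by CDO region.
SDC_IPS = {
    "emea": ["35.157.12.126", "35.157.12.15"],
    "us": ["52.34.234.2", "52.36.70.147"],
}

def audit_asa_http(config, region, iface="outside"):
    """Return a list of findings for the ASA HTTP management settings."""
    allowed, port, anyconnect = [], None, False
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["http", "server", "enable"]:
            # With no port argument the ASA HTTP server listens on 443.
            port = int(tok[3]) if len(tok) > 3 else 443
        elif len(tok) == 4 and tok[0] == "http" and tok[3] == iface:
            allowed.append(ipaddress.ip_network(f"{tok[1]}/{tok[2]}", strict=False))
        elif tok == ["anyconnect", "enable"]:
            anyconnect = True  # assumption: this line marks AnyConnect in use
    sdc = [ipaddress.ip_address(ip) for ip in SDC_IPS[region]]
    findings = []
    if port is None:
        findings.append("http server is not enabled")
    elif anyconnect and port < 1024:
        findings.append(f"AnyConnect in use but ASDM HTTP port is {port} (< 1024)")
    for ip in sdc:
        if not any(ip in net for net in allowed):
            findings.append(f"SDC address {ip} not allowed on {iface}")
    for net in allowed:
        # Anything other than a /32 entry for a listed SDC address gets a review.
        if net.num_addresses > 1 or net.network_address not in sdc:
            findings.append(f"review non-SDC source {net} on {iface}")
    return findings

# Constructed sample running-config fragment (not from a real device).
SAMPLE = """\
webvpn
 enable outside
 anyconnect enable
http server enable
http 35.157.12.126 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.0 255.255.255.0 inside
"""

if __name__ == "__main__":
    for finding in audit_asa_http(SAMPLE, "emea"):
        print(finding)
```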