Connect Cisco Defense Orchestrator to the Cloud SDC
CDO communicates with managed devices and services using the SDC. Specifically, for ASA and ASA FirePOWER, the SDC uses the same secure communications channel used by ASDM.
By default, a cloud SDC is available upon initial account provisioning. A publicly accessible outside interface must therefore be configured to allow CDO to communicate with ASA and ASA FirePOWER devices through the SDC.
If you are a customer in Europe, the Middle East, or Africa (EMEA), and you connect to Defense Orchestrator at https://defenseorchestrator.eu, allow inbound access from the following IP addresses:
If you are a customer in the United States, and you connect to Defense Orchestrator at https://defenseorchestrator.com, allow inbound access from the following IP addresses:
If the ASA under management is also configured to accept AnyConnect VPN Client connections, the ASDM HTTP server port must be changed to a value of 1024 or higher. Note that this port number will be the same port number used when onboarding the ASA device into CDO.
Note: If using an on-premises SDC, you must ensure that the virtual appliance has network connectivity to the management interface of the managed device.
The following examples assume that the ASA outside interface is named 'outside' and an AnyConnect client is configured on the ASA so the ASDM HTTP server is listening on port 8443.
To enable the outside interface, enter these commands:
http 188.8.131.52 255.255.255.255 outside
http 184.108.40.206 255.255.255.255 outside
http 220.127.116.11 255.255.255.255 outside
http 18.104.22.168 255.255.255.255 outside
To enable the ASDM HTTP server port when the AnyConnect VPN Client is in use, enter this command:
http server enable 8443
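The following check is an added example, not part of the original Cisco procedure. It audits an exported ASA configuration against the two requirements above: `http` rules on the outside interface limited to single SDC hosts, and an ASDM port of 1024 or higher when AnyConnect is enabled. The allowlist addresses, the function name `audit_asdm_access`, and the sample configuration are constructed assumptions, as is treating `enable outside` under `webvpn` as the sign that AnyConnect is in use.

```python
import ipaddress

# Placeholder allowlist (constructed RFC 5737 addresses); use your CDO region's list.
CDO_SOURCES = frozenset({"203.0.113.10", "203.0.113.11"})

def audit_asdm_access(config_text, interface="outside", allowed=CDO_SOURCES):
    """Return findings about ASDM HTTP access on one ASA interface."""
    findings, permitted = [], set()
    port = None          # None: 'http server enable' not seen
    anyconnect = in_webvpn = False
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):
            in_webvpn = words == ["webvpn"]      # entering/leaving webvpn sub-mode
        elif in_webvpn and words[:2] == ["enable", interface]:
            anyconnect = True                    # assumption: marks AnyConnect in use
        if words[:3] == ["http", "server", "enable"]:
            port = int(words[3]) if len(words) > 3 else 443   # 443 is the default
        elif words[0] == "http" and len(words) == 4 and words[3] == interface:
            try:
                net = ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False)
            except ValueError:
                findings.append(f"unparseable http rule: {raw.strip()}")
                continue
            host = str(net.network_address)
            if net.prefixlen != 32:
                findings.append(f"http rule wider than one host: {net}")
            elif host not in allowed:
                findings.append(f"http rule for unexpected source: {host}")
            else:
                permitted.add(host)
    for host in sorted(allowed - permitted):
        findings.append(f"missing http rule for SDC source: {host}")
    if port is None:
        findings.append("ASDM HTTP server is not enabled")
    elif anyconnect and port < 1024:
        findings.append(f"AnyConnect on {interface} but ASDM port is {port}; use 1024 or higher")
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
http server enable
http 203.0.113.10 255.255.255.255 outside
http 0.0.0.0 0.0.0.0 outside
webvpn
 enable outside
"""
```

Calling `audit_asdm_access(SAMPLE)` reports the any-source rule, the SDC address with no rule, and the port conflict with AnyConnect.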