The Umbrella ASA Integration allows administrators to add their Cisco Adaptive Security Appliance (ASA) to their Umbrella configuration. The Umbrella connector enables the ASA to redirect DNS queries to Umbrella.
The Umbrella connector is part of the ASA's DNS inspection engine. If your existing DNS inspection policy map decides to block or drop a request based on your DNS inspection settings, the request is not forwarded to Umbrella.
This allows for two lines of protection: your local DNS inspection policy and your Umbrella cloud-based DNS inspection policy.
When redirecting DNS queries to Umbrella, the Umbrella connector includes an EDNS (Extension mechanisms for DNS) record. An EDNS record contains the device ID, organization ID, and client IP address. This information is used by your Umbrella policy to determine whether to block or allow traffic.
You can also elect to encrypt DNS traffic using DNSCrypt to ensure the privacy of usernames and internal IP addresses.
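The EDNS record described above travels in the DNS query's OPT resource record (RFC 6891), so without encryption anyone on the path who sees the query can read it. This added example (not Cisco's code) parses the EDNS options from a constructed query; option code 65001 and the 16-byte device ID, organization ID and client IP layout are assumptions for illustration, not Umbrella's wire format.

```python
import ipaddress
import struct

def build_query(name, options):
    """DNS A query with one OPT RR carrying (code, data) EDNS options."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)  # RD; 1 question, 1 additional
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    rdata = b"".join(struct.pack("!HH", c, len(d)) + d for c, d in options)
    # OPT RR: root name, TYPE=41, CLASS=UDP payload size, TTL=0, RDLEN
    opt = b"\x00" + struct.pack("!HHIH", 41, 4096, 0, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 1, 1) + opt  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    """Offset just past a domain name (labels or a compression pointer)."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def edns_options(msg):
    """Return [(code, data)] from every OPT RR in a DNS message (RFC 6891)."""
    _, _, qd, an, ns, ar = struct.unpack_from("!HHHHHH", msg, 0)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    found = []
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        p, end = off, off + rdlen
        while rtype == 41 and p + 4 <= end:
            code, length = struct.unpack_from("!HH", msg, p)
            found.append((code, msg[p + 4:p + 4 + length]))
            p += 4 + length
        off = end
    return found

def decode_identity(data):
    """Decode the constructed 16-byte layout used in SAMPLE below."""
    device, org, ip = struct.unpack("!8sI4s", data)
    return device.hex(), org, str(ipaddress.IPv4Address(ip))

# Constructed sample. Option code 65001 is in RFC 6891's local/experimental range;
# the field layout is hypothetical and is not Umbrella's actual wire format.
IDENTITY = bytes.fromhex("0102030405060708") + struct.pack("!I", 1234567) + ipaddress.IPv4Address("10.1.2.3").packed
SAMPLE = build_query("example.com", [(65001, IDENTITY)])
print([(c, decode_identity(d)) for c, d in edns_options(SAMPLE)])
```

Running the same parser over a capture taken between the ASA and the resolver is one way to confirm whether identity fields are still visible in cleartext after DNSCrypt is enabled.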