https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4456697#M1083210 <P>We have FTD-A as a VPN firewall that authenticates remote users against LDAP and assigns IP addresses.</P><P>&nbsp;</P><P>What we are trying to achieve is a user-based policy applied on FTD-B, but we are having problems identifying users when they are connected to VPN.&nbsp;</P><P>&nbsp;</P><P>What is the best way to push User-to-IP mapping from FTD-A to FTD-B? Both are managed by the same FMC.</P> Mon, 30 Aug 2021 04:22:14 GMT Turbo727 2021-08-30T04:22:14Z https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4456697#M1083210 <P>We have FTD-A as a VPN firewall that authenticates remote users against LDAP and assigns IP addresses.</P><P>&nbsp;</P><P>What we are trying to achieve is a user-based policy applied on FTD-B, but we are having problems identifying users when they are connected to VPN.&nbsp;</P><P>&nbsp;</P><P>What is the best way to push User-to-IP mapping from FTD-A to FTD-B? Both are managed by the same FMC.</P> Mon, 30 Aug 2021 04:22:14 GMT https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4456697#M1083210 Turbo727 2021-08-30T04:22:14Z https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4456771#M1083212 <P>Are your FTD-A and B in HA?</P> Mon, 30 Aug 2021 08:29:09 GMT https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4456771#M1083212 Chakshu Piplani 2021-08-30T08:29:09Z https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4456772#M1083213 No. They are different firewalls.<BR /> Mon, 30 Aug 2021 08:30:37 GMT https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4456772#M1083213 Turbo727 2021-08-30T08:30:37Z https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4457104#M1083219 <P>I dont think that's a possibility as they are treated as separate device.</P> Mon, 30 Aug 2021 18:08:20 GMT https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4457104#M1083219 Chakshu Piplani 2021-08-30T18:08:20Z https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4457141#M1083220 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/289617">@Turbo727</a>,</P><P>You won't be able to do this, without intermediate device.</P><P>What you need in between is ISE for this purpose. For VPN use-case, it would serve as RADIUS server, responsible for authentication and authorization, while collecting User-to-IP mapping at the same time. For FTD-B use-case, it would serve as identity source (role called Passive Identity, please see more <A href="https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/pic_admin_guide/PIC_admin/PIC_admin_chapter_00.html" target="_self">here</A>).</P><P>BR,</P><P>Milos</P> Mon, 30 Aug 2021 19:39:41 GMT https://community.cisco.com/t5/network-security/user-to-ip-mapping-on-fmc/m-p/4457141#M1083220 Milos_Jovanovic 2021-08-30T19:39:41Z