Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4148
Views
0
Helpful
9
Replies

IP User Mapping - FMC/FTD Identity Policy

Fantas
Level 1
Level 1

‎01-20-2020 09:01 PM - edited ‎02-21-2020 09:50 AM

Hi,

 

I have integrated FMC with ISE PIC and AD through Realm but looks passive authentication is not working as expected.

 

So I can access URLs If I dont add user group in my ACP but I its not working if I add AD user group in my ACP.

 

In terms of configurations of ISE PIC and Integration with AD and FMC is perfectly ok and Looks good.

 

I have doubt that FMC is not sending IP to User mappings to FTD so the rules are not being processed and I cant access URLs.

 

Any help will be highly appreciated please

1 person had this problem
0 Helpful
9 Replies 9

Rob Ingram
VIP
VIP

‎01-21-2020 01:35 AM

Hi,

Have a look at the verification section in this guide, this will help you determine whether you have the User/IP bindings on the FTD.

 

HTH

0 Helpful

Fantas
Level 1
Level 1
In response to Rob Ingram

‎01-21-2020 10:02 AM

Thanks,

 

Look like FMC is not transferring IP to User mapping down to FTD as I cant see my User ID on FTD while its present on FMC.

 

How I can fix if IP to user mappings are not received by FTD.

0 Helpful

Rob Ingram
VIP
VIP
In response to Fantas

‎01-21-2020 10:19 AM

On the FMC go System > Integration > Identity Sources and test the Identity source for ISE is working correctly. If not, refer to this guide to setup FMC and ISE integration.

0 Helpful

Fantas
Level 1
Level 1
In response to Rob Ingram

‎01-21-2020 02:31 PM

ISE and FMC Integration is perfectly fine and working.

 

But still IP to user mapping not handed over to FTD

0 Helpful

Rob Ingram
VIP
VIP
In response to Fantas

‎01-21-2020 02:44 PM

If the bindings are on the FMC, have you defined an identity policy and applied to the FTD?
0 Helpful

Fantas
Level 1
Level 1
In response to Rob Ingram

‎01-21-2020 03:12 PM

Hi,

 

Yes I have defined Identity and Firewall policies (ACP) and applied to FTD.

 

For IP to user mapping to FTD, Is there any specific config I am missing.

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to Fantas

‎01-21-2020 09:31 PM

If you've followed the excellent earlier-referenced blog for identity integration and confirmed everything down to the point of checking actual mappings from the cli and finding none, then you are likely hitting some bug or issue specific to your configuration that is best worked out with the TAC online.

I'd suggest opening a case so that an engineer can work with you directly.

0 Helpful

Fantas
Level 1
Level 1
In response to Marvin Rhoads

‎01-22-2020 01:16 AM

Thanks,

 

Yes I am opening case with Cisco for detailed step by step verification's and fix.

0 Helpful

Herald Sison
Level 3
Level 3
In response to Fantas

‎06-24-2022 03:52 PM

hi sir, is this fixed already? i have the same problem to FTD and FMC user mapping are note insynced. any script that i need to run?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card