11-27-2016 11:21 PM
x-posted to internal cs-firepower mailing list.
Hi all,
I have the following problem:
Users are normally represented with domain\username, which can be used for group lookup in AD/LDAP by FMC by the username = "username".
But with EAP chaining it will look like: domain\username/PCname, which cannot be used in LDAP/AD lookup inside FMC, since the username will be: username, host/PCname.
Can I in any way strip information before it "leaves" ISE into PXGRID?
best regards
Tue
12-01-2016 07:09 AM
12-01-2016 08:29 AM
Hey Tim, Tue,
So for EAP Chaining, the username and machine syntax, such as domain\username or username@domain, is dependent on the protected identity pattern. You can use AnyConnect NAM to test around with this. With Firepower it is possible to get username, domain/name.
This is not a pxGrid issue. Which version of Firepower are you using?
Thanks,
John
12-02-2016 08:05 AM
Hi John,
I'm not sure I fully understand what you mean.
Firepower version 6.1 is being used.
In FMC it looks like this now:
Then the identity does not match and then the rules do not apply.
Best regards
Tue
12-06-2016 12:52 AM
Hi
This is how it looks inside FMC:
So the identity received from ISE is not able to be matched.
How do I make sure I can use the identity in my FMC policies?
I have attached a PDF file showing the live log from ISE.
Best regards
Tue
12-07-2016 07:03 PM
Hey Tue,
What do you see under the FMC User Activity Screen? Are you seeing the same? What version of FMC are you using?
You can try creating an Access policy based on user. Or better yet, assign an ISE authorization SGT policy of employee to the successfully authenticated user. You can then assign the access policy based on the Employee SGT.
Send me an email, and we can schedule a Webex.
Thanks,
John
09-24-2021 10:58 AM
Hi Guys
Topic is quite aged, but what did you finish with (it looks quite similar to the deployment we plan at our customer)?
tnx in adv