04-18-2016 06:10 AM - edited 03-10-2019 11:41 PM
If I'm using ISE for user identity for WSA or Firepower does it do the same thing as the CDA and just read auth logs from the DC and map IP to user?
I was hoping it could somehow get that info from the the actual auth made against ISE.
With the CDA we cannot get a user to IP mapping for wireless clients such as iPhones because there is never a AD login event. I was hoping that with ISE if the user authenticates to ISE that we would pass that info to the WSA or Firepower for identity. However from what I'm reading it basically just acts the same as CDA.
06-22-2016 05:34 AM
Hi Michaellperrin,
Did you get an answer or found if WSA integrated directly with ISE can get the User-to-IP mappings without deploying CDA's ?
Thanks,
Rick.
06-22-2016 08:03 AM
Hi Rick,
I did get it working in Firepower. It seems to do the same thing as CDA plus the info from Radius.
I'm getting user to IP mapping from wireless users, which I could not get from CDA.
I haven't tested it with WSA yet because the version we are using doesn't have pxGrid support.
I plan on deploying the newest release in my lab and do some testing
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide