08-25-2020 07:24 AM - edited 08-25-2020 07:29 AM
Hi,
Working on a use case as follows:
UserA - 192.168.1.1 (First Login)
UserA - 192.168.1.2 (Second Login)
UserA login into 192.168.1.1 after login at 192.168.1.1. Based on ISE passiveID, only first IP is registered in User-IP mapping and shared via pxGrid to FMC. Any possibility for the same UserA map to multiple IPs for concurrent login?
Currently even based on endpoint probes, the mapping will not get updated within 4 hours if user has no logout from earlier session.
Without relying on limiting concurrent login at AD and PAM solution, do we have any workaround for ISE PassiveID to get latest endpoint information? Or are there any possibility for same username mapped to 2 or more IP?
Thanks
Wing Churn
08-25-2020 08:35 AM
08-25-2020 08:59 AM
Our problem is more towards ISE-PIC. PassiveID does not reflect new IP for new login with another IP address.
If userA login from 192.168.1.1 for the first time, we receive the login message in ISE-PIC and share across to FMC via pxGrid. A second login from userA without logout from previous session at another IP address does not appear in ISE-PIC. Are there any specific tuning in ISE-PIC for concurrent/multi IP mapping?
Wing Churn
08-26-2020 09:26 AM
06-15-2022 06:53 AM
@Timothy AbbottI know this is old, but do you have some info on how to convert the FMC integration with ISE from ISE-PIC to ISE?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide