FirePower 6.0, Initiator User showing up as "No Authenticaton Required".

Karl_F
Level 1

I'm running an ASA5515 (9.4-2) with FP module 6.0.0 1005 and FSMC 6.0.0 1005.

Under Analysis > Connections > Events > Table View of Connection Events > Initiator User, I am seeing "No Authentication Required" and not the user that should be mapped to the IP address.

I have Active Directory integration configured via a Realm, which connects, sees users and allows me to download groups etc. I have an identity policy created using Passive Authentication and added to the access control policy. I have the User Agent installed on a member server that is polling 2 DCs fine. However, still no joy.

Anyone seeing similar issues? Bug?

Thanks,

Karl.

23 Replies

So change mydomain.local to just mydomain?

I have the same problem and an open TAC case on this issue. When I check Analysis > Users > User Activity, the user-to-IP mappings are there. When trying to view connection events under table view, I get "unknown" for Initiator IP. I have the realm on my DC set to our domain name to match the AD agent. I've tried with both the short name and the domain name and the results were the same.

If this post answers your question or is helpful, please consider rating it and/or marking it as answered.

Hi Cristopher,

did you ever resolve this successfully? What was the conclusion after the TAC Case?

Thx!

The realm had to match between FMC and the LDAP connectors. There was an issue with using the actual domain name vs. the short name. So, if our domain was ourdomain.com, we had to use the short name ourdomain-domain instead. At least that's what worked for us; hope it helps you!

If this post answers your question or is helpful, please consider rating it and/or marking it as answered.

Can you please explain where the FMC and LDAP settings were made? I'm having a hard time finding the location in settings.

Sure, log in to FMC. Go to System (top right-hand corner), then Integration. Click the "Realms" tab.

If this post answers your question or is helpful, please consider rating it and/or marking it as answered.

Just a heads-up to anyone running 6.2.0.2-51: this still isn't fixed. I just opened a case with TAC and the next day I stumbled on this thread. As soon as I removed the src/dst on the Identity Policy, it worked. I did not have this bug (or maybe the bug needs to be expanded to include "anything" in the src/dst?):

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuz09515/?referring_site=bugquickviewredir

...I had a very defined set of networks (not any of the defaults, as described in this bug). It didn't seem to matter, though. As soon as I removed the src/dst and redeployed, I was able to log into a machine and see my AD username...


Thanks to everyone contributing to this thread.. this is a monster to configure, so every comment helps!
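The recurring symptom in this thread is that Analysis > Users > User Activity shows a valid user-to-IP mapping while the connection events for the same IP still carry "No Authentication Required". The script below is an added example, not Cisco code and not posted by anyone in this thread: it joins a User Activity CSV export against a Connection Events table-view export and lists every flow that was left unattributed even though a login session covered the initiator IP at the time of the flow. Run it before and after a change (renaming the realm to the short name, removing src/dst from the identity rule, redeploying) to see whether the gap actually closes. The column names (`time`, `event`, `ip`, `username`, `first_packet`, `initiator_ip`, `initiator_user`) and the sample rows are constructed assumptions; rename them to match your export.

```python
"""Triage helper for "No Authentication Required" in FMC connection events.

Added example (not Cisco code, not from this thread). It joins a User Activity
export against a Connection Events table-view export and lists flows whose
Initiator User is "No Authentication Required" even though a user-to-IP mapping
existed for that IP at the time of the flow. Column names are assumptions;
adjust them to match your CSV export.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime

NO_AUTH = "No Authentication Required"
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample of a User Activity export (assumed column names).
# "\\" is only Python escaping for the single backslash in DOMAIN\user.
USER_ACTIVITY_CSV = """time,event,ip,username
2016-03-01 08:00:00,Login,10.1.1.20,MYDOMAIN\\karl
2016-03-01 08:05:00,Login,10.1.1.21,MYDOMAIN\\chris
2016-03-01 12:00:00,Logoff,10.1.1.21,MYDOMAIN\\chris
"""

# Constructed sample of a Connection Events export (assumed column names).
CONNECTION_EVENTS_CSV = """first_packet,initiator_ip,initiator_user,responder_ip,responder_port
2016-03-01 08:10:00,10.1.1.20,No Authentication Required,93.184.216.34,443
2016-03-01 08:11:00,10.1.1.21,MYDOMAIN\\chris,93.184.216.34,80
2016-03-01 13:00:00,10.1.1.21,No Authentication Required,93.184.216.34,443
2016-03-01 09:00:00,10.1.1.99,No Authentication Required,93.184.216.34,443
"""


def parse_ts(text):
    return datetime.strptime(text, TS_FMT)


def build_sessions(user_activity_csv):
    """Turn Login/Logoff rows into {ip: [(start, end_or_None, user), ...]}."""
    rows = sorted(csv.DictReader(io.StringIO(user_activity_csv)),
                  key=lambda r: r["time"])  # ISO-style timestamps sort lexically
    open_by_ip = {}
    sessions = defaultdict(list)
    for r in rows:
        ts, ip, user = parse_ts(r["time"]), r["ip"], r["username"]
        if r["event"] == "Login":
            # A new login on the same IP supersedes the previous mapping.
            if ip in open_by_ip:
                start, prev = open_by_ip.pop(ip)
                sessions[ip].append((start, ts, prev))
            open_by_ip[ip] = (ts, user)
        elif r["event"] == "Logoff" and open_by_ip.get(ip, (None, None))[1] == user:
            start, _ = open_by_ip.pop(ip)
            sessions[ip].append((start, ts, user))
    for ip, (start, user) in open_by_ip.items():
        sessions[ip].append((start, None, user))  # still logged in
    return sessions


def lookup_user(sessions, ip, ts):
    """User mapped to ip at time ts, or None if no session covers it."""
    for start, end, user in sessions.get(ip, []):
        if start <= ts and (end is None or ts < end):
            return user
    return None


def find_missing_mappings(user_activity_csv, connection_events_csv):
    """Flows reported as NO_AUTH although a mapping existed for the initiator IP."""
    sessions = build_sessions(user_activity_csv)
    missing = []
    for ev in csv.DictReader(io.StringIO(connection_events_csv)):
        if ev["initiator_user"] != NO_AUTH:
            continue
        expected = lookup_user(sessions, ev["initiator_ip"], parse_ts(ev["first_packet"]))
        if expected is not None:
            missing.append((ev["first_packet"], ev["initiator_ip"], expected))
    return missing


if __name__ == "__main__":
    for first_packet, ip, user in find_missing_mappings(USER_ACTIVITY_CSV, CONNECTION_EVENTS_CSV):
        print(f"{first_packet} {ip} should have been attributed to {user}")
```

On the constructed sample only the 08:10 flow from 10.1.1.20 is flagged: the 13:00 flow from 10.1.1.21 comes after that user's logoff, and 10.1.1.99 never had a mapping, so "No Authentication Required" is the correct verdict for both. A flow flagged by this join is one the identity policy should have attributed, which is the case to take to TAC.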


Hello,

After deploying AnyConnect VPN and successfully allowing the AnyConnect IP pool to access the internal network resources, I am now facing challenges deploying an internet policy for these AnyConnect VPN users.

I want to restrict the AnyConnect users going out to the internet using an AD-username-based policy.

When I create an outside-to-outside policy with the source as the AnyConnect VPN pool and the destination as any, with defined AD users and applications like Outlook, this policy doesn't hit.

It seems that the FTD is not able to check the AD users added to the policy for the AnyConnect policy. It shows 'Initiator User' as No Authentication Required in the connection events.

The rest of the inside-to-outside policies based on AD username are working perfectly fine!

Please let me know your views on this.

Hi Ankit,

Were you able to fix the issue you were facing?

If yes, what was the fix? I am having a similar issue with 6.3.0.
