
Firepower User Identification

Could someone please tell me if it is possible for remote VPN users (AnyConnect users) that authenticated using LDAP in full tunneling mode to be redirected to the SFR module and then hit the same access rule as when those users connect through the LAN? As far as I know, the user agent only monitors the login events of the domain controller, but the IP-user mapping of VPN users will not be populated within the login events, right?

Thanks in advance.

Accepted Solutions

From my understanding this is not possible with the user agent, since it only parses the security log for login events, and you won't see a logon event with your assigned AnyConnect IP address but with the RADIUS client / LDAP client, which is the ASA itself.

If you need identity integration for AnyConnect, ISE would be the solution of choice.
