Firepower User Identification

romi.darmawan1
Level 1

Could someone please tell me if it is possible for remote VPN users (AnyConnect users) who authenticate using LDAP in full tunneling mode to be redirected to the SFR module and then hit the same access rule as when those users connect through the LAN? As far as I know, the user agent only monitors the login events of the domain controller, but the IP-user mapping of VPN users will not be populated within the login events, right?

Thanks in advance.

Accepted Solutions

Oliver Kaiser
Level 7

From my understanding, this is not possible with the user agent, since it only parses the security log for login events, and you won't see a logon event with your assigned AnyConnect IP address but rather that of the RADIUS client / LDAP client, which is the ASA itself.

If you need identity integration for AnyConnect, ISE would be the solution of choice.
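
The mapping gap described in the accepted answer, as an added example that is not part of the original thread and is not Cisco's user agent code: it builds an IP-to-user table from constructed, simplified logon records in which VPN authentications arrive from the ASA's address. The log format, user names and IP addresses are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: simplified stand-ins for domain controller logon
# events (not the real Security log format). All names and IPs are made up.
ASA_INSIDE_IP = "10.1.1.1"       # assumed ASA address used as LDAP client
VPN_POOL_IP_BOB = "10.99.0.14"   # assumed AnyConnect address handed to bob
LOGON_EVENTS = """\
2024-01-10T08:01:12 user=alice src=10.1.1.25
2024-01-10T08:05:40 user=bob src=10.1.1.1
2024-01-10T08:07:03 user=carol src=10.1.1.1
"""


def parse_events(text):
    """Yield (timestamp, user, source_ip) from the constructed log lines."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *pairs = line.split()
        fields = dict(p.split("=", 1) for p in pairs)
        yield ts, fields["user"], fields["src"]


def build_mapping(events):
    """Return (ip -> latest user, ip -> set of all users seen)."""
    latest, seen = {}, defaultdict(set)
    for ts, user, src in sorted(events):
        latest[src] = user          # a newer logon overwrites the older one
        seen[src].add(user)
    return latest, seen


def shared_sources(seen):
    """Source IPs with several users: likely an auth client such as the ASA."""
    return sorted(ip for ip, users in seen.items() if len(users) > 1)


def user_for(latest, ip):
    """Identity an IP-based lookup would return; None means unknown user."""
    return latest.get(ip)


if __name__ == "__main__":
    latest, seen = build_mapping(parse_events(LOGON_EVENTS))
    print("LAN workstation:", user_for(latest, "10.1.1.25"))
    print("bob's VPN address:", user_for(latest, VPN_POOL_IP_BOB))
    print("ASA address:", user_for(latest, ASA_INSIDE_IP))
    print("shared sources:", shared_sources(seen))
```

The VPN pool address resolves to no user, while the ASA's address is attributed to whichever VPN user authenticated last.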
