12-30-2020 09:30 AM
Firepower is logging usernames to IP addresses for one subnet only, which is where the Cisco user agent software is installed, and the domain controller is also on the same subnet. How do I get username-to-IP mappings working with VLANs that are on subnets separate from the domain controller?
I know the agent is being deprecated, but I believe in my past life with Firepower I was able to log usernames on different VLANs and even remote user VPN connections.
12-30-2020 06:36 PM
12-31-2020 08:16 AM
Hi Mohammed, the only configurable option I have within FMC is Identity Sources, for which I have set up the IP address of the user agent, for example 192.168.20.10. On the user agent domain-joined machine (192.168.20.10) I have full connectivity back to the domain controller, etc. I have IP-to-username mappings for anyone on the 192.168.20.0/24 subnet, so it's working properly on this subnet. I have 2 other VLANs, 10.0.50.0/24 and 10.0.60.0/24, where domain users authenticate to the DC in the 192.168.20.0/24 subnet; however, I get no username-to-IP mappings for these VLANs. I do not see any subnet filter under Identity Sources, nor would I have manually applied a filtered