Re: Firepower User Identiry

keithcclark71 · ‎12-30-2020

Firepower is logging usernames to IP address for one subnet only which is where the Cisco user agent software is installed and also the domain controller is also on the same subnet. How do I get username to IP mappings working with VLANs that are on subnets separate from the Domain Controller?

I know the agent is being depreciated but I believe in my past life with Firepower i was able to log usernames on different Vlans and even remote user VPN connections.

Mohammed al Baqari · ‎12-30-2020

Hi,

User agent should still provide mapping from other vlans if the info is in
AD. Check if you have subnet filter in fmc to limit the subnet information.
This is located under identity sources.

**** please remember to rate useful posts

keithcclark71 · ‎12-31-2020

Hi Mohammed the only configurable option I have within FMC is Identity Sources for which I have setup the IP address of the User agent for example 192.168.20.10. On the user agent domain joined machine (192.168.20.10) I have full connectivity back to the domain controller etc I have IP to Username mappings for anyone on the 192.168.20.0/24 subnet so its working properly on this subnet. I have 2 other VLANS 10.0.50.0/24 and 10.0.60.0/24 that domain users authenticate to the DC in the 192.168.20.0/24 subnet however I get no username to IP mappings for these VLANS. I do not see any subnet filter under Identity sources nor would I have manually applied a filtered