
Firepower via FMC

shaikh.zaid22
Beginner

Hi,

 

I am experiencing a weird issue with my firewall, which is a Cisco Firepower 2110 via FMC. AD is integrated for remote VPN.

 

Under the Analysis tab, when I try to filter traffic with a particular source IP address, say 10.X.X.30, the current user: shows as discovered identities\"name_of_user" (LDAP). However, when I cross-check, the username showing in current user is incorrect.

I am observing this only on wireless LAN.

 

For example: I connected a test laptop with domain credentials on WLAN and I get the IP address, say 10.X.X.35; however, under the Current User section, the user information shown is of some other user.

How is it possible, since on the firewall only the AD is integrated and reachability is ensured?

Please provide some insight. 

Accepted Solution

Marvin Rhoads
Hall of Fame

To get high-fidelity username-to-IP-address mapping information you should have an identity integration - either Cisco ISE (preferred) or User Agent (deprecated starting with 6.7).

Otherwise you will get the passive discovery from a network discovery policy. The AD integration as an authentication source for remote access VPN will only apply to VPN users. AD integration as a realm will only pull in AD groups for use in policies (which in turn depends on identity mapping).

Thank you Marvin.

 

Understood. I have to configure an identity policy with ISE to get accurate user info.

 

It will be great if you can share the link to learn more about this.

 

Thanks once again.
