Integration of FMC with User Agent

Hello,

I am trying to integrate FMC with AD in order to be able to set up RA VPN.

I have created the user agent in the FMC. 

I have installed the agent on a server and in the agent I have configured the AD and it is connected. 

When I try to add the FMC I get "Unable to connect to Firepower Management".

In the logs of the agent I see entries like these:

[0003] - Error connecting to FMC x.x.x.x: MySql.Data.MySqlClient.MySqlException (0x80004005): Authentication to host 'x.x.x.x' for user 'etel_msg' using method 'mysql_native_password' failed with message: Access denied for user 'etel_msg'@' ...

I am not quite sure what it means.

I have no firewall between the FMC and the server. I have disabled the firewall of the server the user agent is installed on and I have disabled the antivirus, but none of these worked.

Any thoughts?


Regards, 

Konstantinos

6 Replies

@kostasthedelegate 

What version of FMC are you running? User Agent was deprecated as of version 6.6.

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/relnotes/firepower-release-notes-660/features.html#id_110361

Even if you aren't running 6.6 you should probably consider using ISE or ISE-PIC to learn user identities.

I use 6.4.0.9

Hi,

Did you allow the server to communicate to FMC in the FMC HTTP Access List?
Settings > System Configuration > HTTP Access List



Hello,

Well, I have port 443 and 22 to any.

I figured out that the problem was the pwd I was inserting.

It needed to be blank. I do not know what this pwd is!

Regards,

Konstantinos

That password is to authenticate and authorize the user agent to the FMC. If you don't specify any user agent password with the command configure user-agent on the FMC, then you don't have to type in any password on the Firepower agent AD configuration window. It would be good practice to set a password for that communication though. However, that feature I think came out starting from the user agent version 2.5 on. Take a look at this post of mine and see if it helps:

https://bluenetsec.com/cisco-firepower-user-agent/

Hello Aref,

Yes, I understand now the concept of the pwd.

This should be mentioned in the documentation of Cisco though.

Thanks and regards,

Konstantinos
