Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1977
Views
0
Helpful
6
Replies

Integration of FMC with User Agent

kostasthedelegate
Level 4
Level 4

‎10-20-2020 04:20 AM

Hello, 

 

I am trying to integrate FMC with AD in order to be able to set up RA VPN. 

I have created the user agent in the FMC. 

I have installed the agent on a server and in the agent I have configured the AD and it is connected. 

When I try to add the FMC I get "Unable to connect to Firepower Management". 

 

In the logs of the agent I see entries like these:

[0003] - Error connecting to FMC x.x.x.x: MySql.Data.MySqlClient.MySqlException (0x80004005): Authentication to host 'x.x.x.x' for user 'etel_msg' using method 'mysql_native_password' failed with message: Access denied for user 'etel_msg'@' ...

 

I am not quite sure what it means. 

I have no firewall between the FMC and the server. I have disabled the firewall of the server the user agent is installed and I have disabled the antivirus, but none of these worked. 

 

Any thoughts?


Regards, 

Konstantinos

1 person had this problem
0 Helpful
6 Replies 6

Rob Ingram
VIP
VIP

‎10-20-2020 04:34 AM

@kostasthedelegate 

What version of FMC are you running? User Agent was depreciated as of version 6.6.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/660/relnotes/firepower-release-notes-660/features.html#id_110361

 

Even if you aren't running 6.6 you should probably consider using ISE or ISE-PIC to learn user identities.

0 Helpful

kostasthedelegate
Level 4
Level 4
In response to Rob Ingram

‎10-20-2020 05:28 AM

I use 6.4.0.9

0 Helpful

Mohammed al Baqari
Level 11
Level 11

‎10-20-2020 05:19 AM

Hi,

Did you allow the server to communicate to FMC in FMC HTTP Access List
Settings > System Configuration > HTTP Access List


**** please remember to rate useful posts
0 Helpful

kostasthedelegate
Level 4
Level 4
In response to Mohammed al Baqari

‎10-20-2020 05:23 AM

Hello, 

 

Well I have port 443 and 22 to any

 

I figured out that the problem was the pwd I was inserting. 

It needed to be blank. I do not know what this pwd is!

 

Regards, 

Konstantinos

0 Helpful

Aref Alsouqi
VIP
VIP
In response to kostasthedelegate

‎10-20-2020 02:44 PM - edited ‎10-20-2020 02:45 PM

That password is to authenticate and authorize the user agent to the FMC. If you don't specify any user agent password with the command configure user-agent on the FMC, then you don't have to type in any password on the Firepower agent AD configuration window. It would be good practice to set a password for that communication though. However, that feature I think came out starting from the user agent version 2.5 on. Take a look at this post of mine and see if it helps:

https://bluenetsec.com/cisco-firepower-user-agent/

0 Helpful

kostasthedelegate
Level 4
Level 4
In response to Aref Alsouqi

‎10-20-2020 10:47 PM

Hello Aref, 

 

Yes I understand now the concept of the pwd. 

This should be mentioned in the documentation of Cisco though. 

 

Thanks and regards, 

Konstantinos

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card