User-to-IP mapping on FMC

Turbo727
Level 1

We have FTD-A as a VPN firewall that authenticates remote users against LDAP and assigns IP addresses.

What we are trying to achieve is a user-based policy applied on FTD-B, but we are having problems identifying users when they are connected to VPN.

What is the best way to push User-to-IP mapping from FTD-A to FTD-B? Both are managed by the same FMC.

4 Replies

Chakshu Piplani
Cisco Employee

Are your FTD-A and B in HA?

No. They are different firewalls.

Chakshu Piplani
Cisco Employee

I don't think that's a possibility, as they are treated as separate devices.

Milos_Jovanovic
VIP Alumni

Hi @Turbo727,

You won't be able to do this without an intermediate device.

What you need in between is ISE for this purpose. For VPN use-case, it would serve as RADIUS server, responsible for authentication and authorization, while collecting User-to-IP mapping at the same time. For FTD-B use-case, it would serve as identity source (role called Passive Identity, please see more here).

BR,

Milos
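The mechanism Milos describes relies on the RADIUS server seeing accounting records for each VPN session: the Accounting-Request carries User-Name together with the Framed-IP-Address the VPN headend assigned, so the server can keep a User-to-IP table that a downstream identity consumer (here, FTD-B via FMC) can query. The following is an added illustration of that part of the mechanism, written for this thread and not code from Cisco, ISE, or FTD. It does not model ISE or pxGrid; it only shows how Start/Interim/Stop accounting records build and tear down the mapping, and why a collector must verify the RFC 2866 Request Authenticator before trusting a record. The shared secret, user names and addresses are constructed sample values.

```python
import hashlib
import hmac
import struct
from typing import Dict, List, Optional, Tuple

# RADIUS constants from RFC 2865 / RFC 2866
CODE_ACCOUNTING_REQUEST = 4
ATTR_USER_NAME = 1
ATTR_FRAMED_IP_ADDRESS = 8
ATTR_ACCT_STATUS_TYPE = 40
ACCT_START, ACCT_STOP, ACCT_INTERIM = 1, 2, 3
HEADER_LEN = 20


def acct_authenticator(head: bytes, attrs: bytes, secret: bytes) -> bytes:
    # RFC 2866 section 3: MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    return hashlib.md5(head + bytes(16) + attrs + secret).digest()


def build_acct_request(identifier: int, attrs: List[Tuple[int, bytes]], secret: bytes) -> bytes:
    # Constructed sample Accounting-Request; not traffic captured from a real headend or ISE.
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    head = struct.pack("!BBH", CODE_ACCOUNTING_REQUEST, identifier, HEADER_LEN + len(body))
    return head + acct_authenticator(head, body, secret) + body


def parse_acct_request(packet: bytes, secret: bytes) -> List[Tuple[int, bytes]]:
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != CODE_ACCOUNTING_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    head, auth, body = packet[:4], packet[4:HEADER_LEN], packet[HEADER_LEN:]
    # A record whose authenticator does not match the shared secret must not touch the
    # identity table: otherwise anyone who can reach the accounting port could plant a
    # false user-to-IP binding and inherit that user's policy.
    if not hmac.compare_digest(acct_authenticator(head, body, secret), auth):
        raise ValueError("Request Authenticator check failed")
    attrs: List[Tuple[int, bytes]] = []
    pos = 0
    while pos < len(body):
        if pos + 2 > len(body):
            raise ValueError("truncated attribute header")
        t, length = body[pos], body[pos + 1]
        if length < 2 or pos + length > len(body):
            raise ValueError("malformed attribute length")
        attrs.append((t, body[pos + 2 : pos + length]))
        pos += length
    return attrs


class IdentityTable:
    """User-to-IP mapping learned from accounting Start / Interim-Update / Stop records."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.ip_to_user: Dict[str, str] = {}

    def apply(self, packet: bytes) -> Dict[str, str]:
        user: Optional[str] = None
        ip: Optional[str] = None
        status: Optional[int] = None
        for t, v in parse_acct_request(packet, self.secret):
            if t == ATTR_USER_NAME:
                user = v.decode("utf-8", errors="replace")
            elif t == ATTR_FRAMED_IP_ADDRESS and len(v) == 4:
                ip = ".".join(str(b) for b in v)
            elif t == ATTR_ACCT_STATUS_TYPE and len(v) == 4:
                status = struct.unpack("!I", v)[0]
        if user is None or ip is None or status is None:
            return dict(self.ip_to_user)  # incomplete record: leave the table unchanged
        if status in (ACCT_START, ACCT_INTERIM):
            self.ip_to_user[ip] = user
        elif status == ACCT_STOP and self.ip_to_user.get(ip) == user:
            del self.ip_to_user[ip]  # only the session that owns the address releases it
        return dict(self.ip_to_user)

    def user_for(self, ip: str) -> Optional[str]:
        return self.ip_to_user.get(ip)


def demo() -> Tuple[Dict[str, str], bool]:
    secret = b"constructed-shared-secret"  # constructed value, not a real deployment secret
    table = IdentityTable(secret)
    alice_ip, bob_ip = bytes([10, 20, 30, 7]), bytes([10, 20, 30, 8])
    status = lambda s: struct.pack("!I", s)
    table.apply(build_acct_request(1, [(ATTR_USER_NAME, b"alice"),
                                       (ATTR_FRAMED_IP_ADDRESS, alice_ip),
                                       (ATTR_ACCT_STATUS_TYPE, status(ACCT_START))], secret))
    table.apply(build_acct_request(2, [(ATTR_USER_NAME, b"bob"),
                                       (ATTR_FRAMED_IP_ADDRESS, bob_ip),
                                       (ATTR_ACCT_STATUS_TYPE, status(ACCT_START))], secret))
    # A Stop record built with the wrong secret is rejected and leaves alice's binding intact.
    forged = build_acct_request(3, [(ATTR_USER_NAME, b"alice"),
                                    (ATTR_FRAMED_IP_ADDRESS, alice_ip),
                                    (ATTR_ACCT_STATUS_TYPE, status(ACCT_STOP))], b"wrong-secret")
    forged_rejected = False
    try:
        table.apply(forged)
    except ValueError:
        forged_rejected = True
    # The genuine Stop for alice's session removes her address from the table.
    final = table.apply(build_acct_request(4, [(ATTR_USER_NAME, b"alice"),
                                               (ATTR_FRAMED_IP_ADDRESS, alice_ip),
                                               (ATTR_ACCT_STATUS_TYPE, status(ACCT_STOP))], secret))
    return final, forged_rejected


if __name__ == "__main__":
    print(demo())
```

The table is keyed by address rather than by user because that is the question the enforcing firewall asks ("who owns this source IP right now?"), and a Stop only clears the entry when the user in the record matches the one that holds the address, so a late or duplicated Stop for an earlier session cannot evict the user who has since been assigned the same address from the VPN pool.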
