https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039791#M23835 <P>We are building a new site in a test lab in one of our current buildings.<BR />The test lab is able to access most of the rest of the network (some remote sites are not accessible).</P> <P>I want to configure an ISE policy node in this site I don't think this will cause an issue but I wanted to check first so...</P> <P>1st question<BR />If I join this unit to the&nbsp;ISE deployment &nbsp;it will be able to see the admin and monitoring nodes but not some of the remote policy nodes- would this cause a problem for it?</P> <P>2nd question<BR />The bigger problem might be with the AD integration does the policy node talk to the DCs or is that all handled via the Admin nodes</P> <P>Thanks</P> <P>Giles Cooper</P> Mon, 11 Mar 2019 07:29:03 GMT bgl-group 2019-03-11T07:29:03Z https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039791#M23835 <P>We are building a new site in a test lab in one of our current buildings.<BR />The test lab is able to access most of the rest of the network (some remote sites are not accessible).</P> <P>I want to configure an ISE policy node in this site I don't think this will cause an issue but I wanted to check first so...</P> <P>1st question<BR />If I join this unit to the&nbsp;ISE deployment &nbsp;it will be able to see the admin and monitoring nodes but not some of the remote policy nodes- would this cause a problem for it?</P> <P>2nd question<BR />The bigger problem might be with the AD integration does the policy node talk to the DCs or is that all handled via the Admin nodes</P> <P>Thanks</P> <P>Giles Cooper</P> Mon, 11 Mar 2019 07:29:03 GMT https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039791#M23835 bgl-group 2019-03-11T07:29:03Z https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039792#M23838 <P>1) PSN's talk to each other when they are part of a node group. If they are not, they do not need to communicate with each other as far as I can remember.</P> <P>2) PSN's do talk to the AD, so this communication needs to be there:</P> <P>The entire port and communication reference for all nodes is available here:</P> <P>http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html</P> Wed, 22 Feb 2017 13:11:46 GMT https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039792#M23838 Rahul Govindan 2017-02-22T13:11:46Z https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039793#M23840 <P>Thanks for that.</P> <P></P> <P>So if a PSN can see all of the DCs apart from two if it doesn't get a response then will it try another one?</P> <P></P> <P>If it is a bit slower then I don't really mind as it will be a temporary fix.</P> Wed, 22 Feb 2017 13:56:33 GMT https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039793#M23840 bgl-group 2017-02-22T13:56:33Z https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039794#M23842 <P>Yes, it will failover to another DC if it is not able to talk to its assigned one. I believe when you set up AD integration, it automatically assigns a DC from the domain based on the initial response, so the new PSN should talk to the DC it can reach (and closest to) only.</P> <P>More info on that here:</P> <P>http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/ise_active_directory_integration/b_ISE_AD_integration_20.pdf</P> Wed, 22 Feb 2017 14:36:21 GMT https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039794#M23842 Rahul Govindan 2017-02-22T14:36:21Z https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039795#M23843 <P>Thanks very much for your help.</P> <P></P> <P>Giles</P> Wed, 22 Feb 2017 14:39:38 GMT https://community.cisco.com/t5/network-access-control/ise-policy-node-deployment/m-p/3039795#M23843 bgl-group 2017-02-22T14:39:38Z