https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960561#M259872 <HTML><HEAD></HEAD><BODY><P>You sir, You are the man <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN> 100x thnx.</P><P>Thoughts on secondary ise as monitor primary?</P></BODY></HTML> Wed, 25 Jul 2012 03:51:14 GMT edondurguti 2012-07-25T03:51:14Z https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960557#M259513 <P>Hi guys. </P><P>Im trying to setup two cisco ise appliances. Primary and Seconadary. Everything is fine. I import the self signed cert from the secodary to primary and life is good. </P><P>But... I though if i make the secondary node PRIMARY only for MONITORING it would be better for cpu and all that. When i do that and go to DAsh Board i get an error saying untrusted cuz secondary node has a self signed cert. it wont let me see the dash board. Anyone had this problem?!?</P><P>I do not have a CA cert. maybe if i use verisign or godaddy certs this would work. We have those spare and they are cheap and those certs would help for clients not to see the continue anyway stuff and so on</P><P></P><P>Sent from Cisco Technical Support iPhone App</P> Mon, 11 Mar 2019 02:20:00 GMT https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960557#M259513 edondurguti 2019-03-11T02:20:00Z https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960558#M259587 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>No need to worry it is because the reports that are displayed are from the secondary node so the browser rejects the content. As a workaround log back into the secondary node using the fqdn or the CN for the cert name and trust the self signed cert. Once you log back into the primary you will see the content displayed again.</P><P></P><P>thanks,</P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Wed, 25 Jul 2012 03:41:15 GMT https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960558#M259587 Tarik Admani 2012-07-25T03:41:15Z https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960559#M259674 <HTML><HEAD></HEAD><BODY><P>Hi. Thnx. Im gna vpn in now. U still think</P><P>Its a good idea to have secondary node to monitoring?</P><P>What abt verisign cert?</P><P></P><P>Sent from Cisco Technical Support iPhone App</P></BODY></HTML> Wed, 25 Jul 2012 03:43:58 GMT https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960559#M259674 edondurguti 2012-07-25T03:43:58Z https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960560#M259717 <HTML><HEAD></HEAD><BODY><P>The versign cert is a good idea to go with. Just remember that ISE does not support wildcard certificates so you will have to generate a CSR from ISE and will need it signed.</P><P></P><P><SPAN>Here is a sample of how to create a CSR - </SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_cert.html#wp1077292">http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_cert.html#wp1077292</A></P><P></P><P>thanks,</P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Wed, 25 Jul 2012 03:49:09 GMT https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960560#M259717 Tarik Admani 2012-07-25T03:49:09Z https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960561#M259872 <HTML><HEAD></HEAD><BODY><P>You sir, You are the man <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN> 100x thnx.</P><P>Thoughts on secondary ise as monitor primary?</P></BODY></HTML> Wed, 25 Jul 2012 03:51:14 GMT https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960561#M259872 edondurguti 2012-07-25T03:51:14Z https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960562#M259970 <HTML><HEAD></HEAD><BODY><P>That is the way I usually deploy ISE for my customers, it helps like you mentioned balance the processing and cpu cycles between the two nodes.</P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Wed, 25 Jul 2012 03:57:27 GMT https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960562#M259970 Tarik Admani 2012-07-25T03:57:27Z https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960563#M260069 <HTML><HEAD></HEAD><BODY><P>Alright thanks dude I really appreciate it <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P>Take care.</P></BODY></HTML> Wed, 25 Jul 2012 03:58:36 GMT https://community.cisco.com/t5/network-access-control/ise-deployment/m-p/1960563#M260069 edondurguti 2012-07-25T03:58:36Z