topic Adding to Karsten's correct in Network Access Control

Cisco ise 1.3 subject alternative name SAN

Augustgood — Mon, 11 Mar 2019 05:58:33 GMT

hi, who can help me to understand san on Ise 1.3.

You want to access the

Karsten Iwen — Sun, 16 Aug 2015 08:25:52 GMT

You want to access the webpages of the ISE by different names. A good example for that is the my-devices or the sponsor-portal. To access it by the native name of one of your ISEs would be quite unfriendly to your users. If they can access that asmydevices.example.net and sponsorportal.example.net, it's much easier for the users. But for not getting a cert-warning, you need to have all additional names added to the certificate. These are the "Subject Alternate Names"or SANs. Another method to achieve the same is to use a wildcard-certificate.

Adding to Karsten's correct

Marvin Rhoads — Sun, 16 Aug 2015 14:18:06 GMT

Adding to Karsten's correct answer - make sure you have SANs even when using a wildcard certificate. That's because native Windows 802.1x supplicants will not properly trust a wildcard certificate.

If you're only doing Central Web Authentication (CWA) or exclusively deploying the AnyConnect Secure Mobility Client Network Access Module (NAM) as your supplicant it's not a problem.