10-20-2017 02:33 AM
Hi,
Configured the following on ISE 2.3:
1 ISE interface for CPP and Admin
CCP portal runs on TCP port 8443 with its own certificate signed by CA1
Admin portal runs on port 443 with its own certificate signed by CA2
When a CCP redirection occurs, the client first get redirected on port 443 (with the wrong certificate) and to port 8443 with the right certificate.
I would have expected that the client would directly go to the 8443 port.
Anybody seen this ?
Thanks
Solved! Go to Solution.
10-20-2017 07:01 AM
Yes, I've been seeing it during beta. This appears related to CSCve85686.
10-20-2017 07:01 AM
Yes, I've been seeing it during beta. This appears related to CSCve85686.
10-22-2017 04:32 PM
I have the same in ISE 2.2 - I raised a TAC case for it. They told me it was due to CSCut16630 (ancient bug).
Luckily I have an F5 load balancer that is masking this issue.
10-22-2017 04:41 PM
We have an enhancement bug -- CSCva84197, but we have not scheduled to address it yet.
10-22-2017 10:04 PM
Thanks all !
10-24-2017 07:19 AM
The ISE installation guide 2.3 states that ISE presents Admin cert for Posture and CPP, then Portal cert for 8443. So I doubt if it’s really a bug. All the installation guides from 1.2 to 2.3 state this.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: