Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
832
Views
1
Helpful
2
Replies

ISE domain for distributed deployment

garethhinton
Level 1
Level 1

‎09-19-2012 03:34 PM

Deploying multiple PSN's with a distributed deployment, do all the PSN's have to be in the same domain? I have 6 set up in one domain, and would like to run a few more through firewalls and using a different dns domain.

Also interested to see how AD integration works with this. I'd still expect to join the nodes to the common AD domain. Would they be able to join an AD domain which isn't linked with their FQDN?

I'm hoping that running the other policy nodes on an external domain, I can use a standard CSR for the external public certs.

All comments, suggestions, spoliers welcomed!

2 Replies 2

bikespace
Level 1
Level 1

‎09-20-2012 02:48 PM

To explain my poor wording, I'm looking to connect all nodes to the same AD domain, but some of them sit in a different DNS domain. Warping my mind trying to figure out if it's a problem

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to bikespace

‎04-24-2018 07:21 PM

The DNS domains of the ISE nodes may differ from that of the AD domain.

For example, we may have an ISE node with FQDN ise-1.cisco-test.net and join it to an AD domain demo.local. Therefore, we could have ISE nodes with different DNS domains all join to the same AD domain. The main requirement is that the DNS servers configured in the ISE node need to be able to resolve all the records for the AD domains.

Please take a look at

What's new in ISE Active Directory connector - BRKSEC-2132 in On-Demand Library - Cisco Live Global Events

and

Active Directory Integration with Cisco ISE 2.x - Cisco

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents