Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1795
Views
0
Helpful
3
Replies

ISE Guest portal using public DNS

Go to solution
jerry.larson
Level 1
Level 1

‎04-19-2019 03:51 PM - edited ‎04-19-2019 03:51 PM

Hello community, 

 

Is it possible to use public DNS for ISE guest splash page. If not possible how would I handle this? We have an api that users need to access while on site, but we do not want to open access to the private IP. We want them to go out to the internet and back in. Is it possible to do both with a public DNS server? We currently use internal DNS for guest, they are unable to access the api without opening a hole in the firewall which we do not want to do.

 

thank you, 

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎04-20-2019 11:24 AM

What you want to do is definitely supported.  One way I have seen it done is to place internal IP's in the external DNS, then rely on "leak" of guest redirection traffic to an internal ISE node, or DMZ.  At the end of the day the user needs to resolve the hostname, and be able to reach the web portal.

An alternate could be what Arne posted over here recently.
https://community.cisco.com/t5/identity-services-engine-ise/ise-guest-and-dns/m-p/3839857/highlight/true#M25895

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎04-19-2019 07:04 PM

This has been answered many times did you search the community?
0 Helpful

Go to solution
jerry.larson
Level 1
Level 1
In response to Jason Kunst

‎04-19-2019 07:27 PM

I will do a search, did not see it.
0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni

‎04-20-2019 11:24 AM

What you want to do is definitely supported.  One way I have seen it done is to place internal IP's in the external DNS, then rely on "leak" of guest redirection traffic to an internal ISE node, or DMZ.  At the end of the day the user needs to resolve the hostname, and be able to reach the web portal.

An alternate could be what Arne posted over here recently.
https://community.cisco.com/t5/identity-services-engine-ise/ise-guest-and-dns/m-p/3839857/highlight/true#M25895

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents