ISE Self Registration Portal Issue

gerald.scott
Level 1
I am running ISE 2.4 in my lab. Trying to configure the Self Registration Guest Portal in interface g1 using a certificate issued by internal Windows CA with CN=guest portal url. When connecting client to guest network, redirection policies are working correctly, however, redirect portal doesn't actually load for user to go through registration process. Files attached show configuration items.
Accepted Solutions

I would check routing issues in the lab then. I assume you have different networks on the different interfaces. Why are you doing this? Usually separate interfaces are used to drop a portal into a DMZ for a PSN, for example, but if you're just doing basic setup, stick with what works.

10 Replies

Surendra
Cisco Employee

A couple of things I would recommend you check are the DNS resolution of the FQDN you are using for the guest portal in the URL, and connectivity to the ISE Gig 1 interface from the end client over TCP port 8443. If they work during the redirection phase, I don't see why the page won't load.
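Added example (not part of any post in this thread): a Python script for the two checks suggested above, run from a client on the guest network. It resolves the portal FQDN, connects to TCP 8443, then completes a TLS handshake, and reports the first stage that fails; the function name, the `expected_ip` parameter and the sample host name and address are assumptions.

```python
import hashlib
import socket
import ssl

def diagnose_portal(fqdn, port=8443, expected_ip=None, timeout=3.0):
    """Return [(stage, ok, detail)], stopping at the first failing stage."""
    results = []
    # Stage 1: does the client's resolver return an address for the portal FQDN?
    try:
        infos = socket.getaddrinfo(fqdn, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("dns", False, str(exc))]
    addrs = sorted({info[4][0] for info in infos})
    if expected_ip and expected_ip not in addrs:
        # The name resolves, but not to the interface the portal is bound to.
        return [("dns", False, f"resolved to {addrs}, expected {expected_ip}")]
    results.append(("dns", True, ", ".join(addrs)))
    target = expected_ip or addrs[0]
    # Stage 2: TCP reachability. "Refused" means the host answered but nothing
    # listens on the port; a timeout means no reply came back at all, which is
    # where a routing problem toward that interface would show up.
    try:
        sock = socket.create_connection((target, port), timeout=timeout)
    except OSError as exc:
        return results + [("tcp", False, f"{target}:{port} {exc}")]
    results.append(("tcp", True, f"{target}:{port}"))
    # Stage 3: TLS handshake. Verification is disabled only so the fingerprint
    # of a self-signed or internal-CA certificate can be read and compared with
    # the one assigned to the portal; never reuse this context for real traffic.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            der = tls.getpeercert(binary_form=True)
    except OSError as exc:
        sock.close()
        return results + [("tls", False, str(exc))]
    results.append(("tls", True, "sha256=" + hashlib.sha256(der).hexdigest()))
    return results

if __name__ == "__main__":
    # Constructed sample values: replace with the lab's portal FQDN and g1 address.
    for stage, ok, detail in diagnose_portal("guest.lab.example", 8443, "192.0.2.10"):
        print(f"{stage:4} {'ok' if ok else 'FAIL':4} {detail}")
```
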

Also, I don’t get the point of generating an internal cert for the guest portal? Users won’t be able to use it since it’s not well known anyway. Why didn’t you simply use the default self-signed cert to keep it simple to start? Only corporate machines with the certificate chain installed on employee machines would be able to use an internally generated cert, so unless this is an employee CWA portal, it doesn’t make sense.

Thanks, Jason.  I am now using the self-signed cert, but the issue is the same.  The portal will not load on int g1, however, it does work on int g0.  I failed to mention that in the original post.

Is it activated under the portal settings? Otherwise please work through the TAC.

Thanks, Jason. Below is a screenshot showing the interface is activated in the portal settings. This is just an eval copy of ISE running in my home lab as I am learning ISE, therefore, I don't believe TAC is an option.

 

portal_interface_settings.PNG

I would check routing issues in the lab then. I assume you have different networks on the different interfaces. Why are you doing this? Usually separate interfaces are used to drop a portal into a DMZ for a PSN, for example, but if you’re just doing basic setup, stick with what works.

Thanks, Jason.  This was just something I was trying out.

Thanks, Surendra.  I have verified that both are working correctly.

I have seen instances where the portal won't load if Bond0 is not selected. Even though you're not bonding interfaces it seems to break access to the portal if not selected.

Thanks, Craig. 
