cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

169
Views
1
Helpful
4
Replies
Beginner

ISE server is unreachable from PI 2.2

Hi All,

ISE secondary server is unreachable from cisco Prime 2.2

However Primary and secondary its reachable via GUI and 443 ports are open in Firewall. for both server

Could you please suggest how can I fix the issue.

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE server is unreachable

PI admin CLI should allow you to perform "telnet {IP|hostname} port 443" to verify whether HTTPS reachable at the target server from the PI server. Or, try a SPAN session to capture it.

In our lab setup, I am able to add the primary and secondary MnTs of an ISE 2.1 deployment to an PI 3.1. However, both Tim and I are in ISE product team so I would suggest you to reach out to PI support teams for further support.

4 REPLIES 4
Cisco Employee

Re: ISE server is unreachable

Which version of ISE?  Are you able to connect to the primary ISE server with prime?

Regards,

-Tim

Beginner

Re: ISE server is unreachable

Hi Timothy,

Thanks for your reply.

ISE version 1.4.0.253

ISE primary is added and reachable and ISE secondary is unreachable from Prime.

could not find logs in cisco prime 2.2.

Cisco Employee

Re: ISE server is unreachable

Thanks for the information.  Since you weren't able to find any logs in Prime, would it be possible to review the firewall logs?  This behavior sounds suspiciously like a firewall issue since the primary is reachable.

Regards,

-Tim

Cisco Employee

Re: ISE server is unreachable

PI admin CLI should allow you to perform "telnet {IP|hostname} port 443" to verify whether HTTPS reachable at the target server from the PI server. Or, try a SPAN session to capture it.

In our lab setup, I am able to add the primary and secondary MnTs of an ISE 2.1 deployment to an PI 3.1. However, both Tim and I are in ISE product team so I would suggest you to reach out to PI support teams for further support.