Solved: ISE distribution deployment

k.elnokrashy1 · ‎06-25-2024

in the ISE distribution deployment

we install the PAN persona in the Main site and PSN persona in the remote site

the MS AD Main domain installed in the main site and we installed a tree branch of the AD on the remote site

1- I need to integrate the remote site PSN with the remote site tree branch AD
2- what will happened if the connection between the Main site and branch site become down ?

I read that there will not be service failure but we can not make any change in the PSN policy
because all changes is made through the PAN

but how the user authentication will happened as there is no communication between the PSN persona and the AD ?

ccieexpert · ‎06-25-2024

the PSN will continue to operate but maybe out of sync with PAN and logging etc may be queued/delayed depending on where the MNT is . But new policy change on PAN will not be synced to the PAN until there is connectivity.. As long as you have AD DC in the branch that can respond to authentication requests, it will work with old policy sets etc

View solution in original post

ccieexpert · ‎06-25-2024

the PSN will continue to operate but maybe out of sync with PAN and logging etc may be queued/delayed depending on where the MNT is . But new policy change on PAN will not be synced to the PAN until there is connectivity.. As long as you have AD DC in the branch that can respond to authentication requests, it will work with old policy sets etc

k.elnokrashy1 · ‎06-28-2024

thanks a lot