10-14-2018 10:39 AM
Dear Friends,
I have an SNS-3595 with ISE version 2.3 (patch 3). If my Cisco ISE wants to have access to the Internet, it must go through a proxy.
Communication between Cisco ISE and the proxy is working well, but I get an error with the information "Connection to the remote site has failed. Verify that the remote site is available and/or related ISE administration settings are correct."
I ran TCP Dump and I see:
An alert with the information that the problem is with the Protocol Version.
Can anybody explain this problem to me? Why did it occur? How can I resolve it?
Best regards
10-15-2018 01:02 AM
Hi
It looks like you are hitting this bug: ISE uses TLS 1.0 when proxy configured and TLS 1.2 if no proxy configured (CSCvk10081)
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk10081
Br,
10-15-2018 01:21 AM
Dear Martin,
I found a document in which I read that TLS 1.2 is supported from version 2.4; earlier versions support only TLS 1.0 and 1.1.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769
So this is probably not a bug, but normal behaviour. The proxy has disabled support for TLS 1.0, so I must request my client to enable it.
Thanks for your help! Best regards
10-15-2018 01:53 AM
Hi
Great that you have found a solution.
Cisco has fixed the issue in 2.2 patch 11 (released in Oct), which now supports TLS 1.2. But the fix has not been released for 2.3 (at least not yet; the last patch is from Sept).
Br,
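
The capture discussed in this thread showed a TLS alert pointing at the protocol version. As an added example (not code from any poster or from Cisco), this Python sketch decodes the cleartext part of such an exchange, the version offered in the ClientHello and the alert sent back, so the mismatch can be read straight from captured bytes. The sample bytes are constructed for illustration, not taken from the original capture.

```python
import struct

# Code points from the TLS specifications (RFC 5246).
CONTENT_TYPES = {21: "alert", 22: "handshake"}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}

def parse_records(data):
    """Split a raw TLS byte stream into records and decode the cleartext fields."""
    records, offset = [], 0
    while offset + 5 <= len(data):
        ctype, version, length = struct.unpack_from("!BHH", data, offset)
        body = data[offset + 5: offset + 5 + length]
        if len(body) < length:
            raise ValueError("truncated record at offset %d" % offset)
        rec = {"type": CONTENT_TYPES.get(ctype, ctype),
               "record_version": VERSIONS.get(version, hex(version))}
        if ctype == 22 and len(body) >= 6 and body[0] == 1:
            # ClientHello: msg type (1), length (3), then client_version (2)
            (hello_version,) = struct.unpack_from("!H", body, 4)
            rec["client_hello_version"] = VERSIONS.get(hello_version, hex(hello_version))
        elif ctype == 21 and length == 2:
            # Alerts sent before the handshake completes are unencrypted
            rec["level"] = ALERT_LEVELS.get(body[0], body[0])
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], body[1])
        records.append(rec)
        offset += 5 + length
    if offset != len(data):
        raise ValueError("trailing bytes after last record")
    return records

def diagnose(records):
    """Report a version mismatch when a fatal protocol_version alert follows a ClientHello."""
    offered = next((r["client_hello_version"] for r in records if "client_hello_version" in r), None)
    rejected = any(r.get("level") == "fatal" and r.get("description") == "protocol_version"
                   for r in records)
    if offered and rejected:
        return "client offered %s; peer rejected it with protocol_version" % offered
    return "no protocol version mismatch seen"

# Constructed sample: a minimal ClientHello offering TLS 1.0, then a fatal alert 70.
_hello = bytes.fromhex("0301") + bytes(32) + bytes.fromhex("00" "0002" "002f" "0100")
_handshake = b"\x01" + len(_hello).to_bytes(3, "big") + _hello
CLIENT_HELLO = b"\x16\x03\x01" + len(_handshake).to_bytes(2, "big") + _handshake
ALERT = bytes.fromhex("15030300020246")

if __name__ == "__main__":
    print(diagnose(parse_records(CLIENT_HELLO + ALERT)))
```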