
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-14-2018 10:39 AM
Dear Friends,
I have SNS-3595 with ISE version 2.3 (patch 3). My Cisco ISE if want to have access to Internet it must going through Proxy.
Communication between Cisco ISE and Proxy working good. But I have error with information "Connection to the remote site has failed. Verify that the remote site is available and/or related ISE administration settings are correct."
I run TCP Dump and I see:
Alert with information that problem is with Protocol Version.
Can anybody explain me this problem ? Why it occured ? How can I resolve it?
Best regards
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2018 01:21 AM
Dear Martin,
I found a document in which I read that TLS1.2 is supported from the version 2.4, earlier versions support only TLS1.0 and 1.1.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769
So, probably this is not a bug, but normal behaviour. Proxy has disabled support for TLS1.0, so I must request my client to enable it.
Thanks for your help! Best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2018 01:02 AM
Hi
Looks that you are hitting this bug: ISE uses TLS 1.0 when proxy configured and TLS 1.2 if no proxy configured (CSCvk10081)
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk10081
Br,
Cisco Fire Jumper

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2018 01:21 AM
Dear Martin,
I found a document in which I read that TLS1.2 is supported from the version 2.4, earlier versions support only TLS1.0 and 1.1.
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769
So, probably this is not a bug, but normal behaviour. Proxy has disabled support for TLS1.0, so I must request my client to enable it.
Thanks for your help! Best regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-15-2018 01:53 AM
Hi
Great that you have found a solution
Cisco has fixed the issue on 2.2 patch 11 (released in oct) which now support TLS 1.2. But the fix has not been released on 2.3 (at least not yet, last patch is sept)
Br,
Cisco Fire Jumper
