Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
10
Helpful
3
Replies

Cisco ISE 3.1 is communcating with unknown Internet IP addresses

adamscottmaster2013
Level 3
Level 3

‎06-16-2022 07:08 AM

My Cisco ISE 3.1 patch 3 is attempting to communicate with these IP addresses over the Internet but my Internal firewalls is blocking it. We only allow the ISE appliance to communicate with tools.cisco.com and tools2.cisco.com over https for Smart Licensing. 

 

These appears to be AWS Internet IP addresses:

 

$ dig @4.2.2.2 -x 35.162.38.159 +short
ec2-35-162-38-159.us-west-2.compute.amazonaws.com.
$ dig @4.2.2.2 -x 35.165.225.238 +short
ec2-35-165-225-238.us-west-2.compute.amazonaws.com.
$ dig @4.2.2.2 -x 52.26.193.222 +short
ec2-52-26-193-222.us-west-2.compute.amazonaws.com.

 

What are those IP addresses for?  Anyone?

 

3 Replies 3

ahollifield
VIP
VIP

‎06-16-2022 07:50 AM

My guess would be for interactive help:

*.walkme.com *.walkmeusercontent.com

0 Helpful

adamscottmaster2013
Level 3
Level 3
In response to ahollifield

‎06-16-2022 01:09 PM

I found the issue.  The stupid ISE is attempting to communicate with cisco connectDNA:

 

dig @4.2.2.2 www.ciscoconnectdna.com +short
www.tesseractcloud.com.
maglev.production-dnaservices-2.tesseractcloud.com.
35.162.38.159
52.26.193.222
35.165.225.238

Arne Bier
VIP
VIP

‎06-16-2022 01:52 PM

If you find an option to disable this, please let us know. 

0 Helpful
Customers Also Viewed These Support Documents