Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
300
Views
1
Helpful
4
Replies

Cisco ISE hybrid environment

drr
Level 1
Level 1

‎03-29-2025 03:03 AM

Hi team,

We have a hybrid on-prem/Azure environment but currently running ISE on-prem as a small deployment (2 nodes) as well as two load balancers.

We are thinking about moving one of the ISE nodes to Azure and would like your advise on what approach would be most optimal.

Im thinking of using one load balancer in the cloud, as well as one ISE node, but no load balancer on prem but only an ISE node. The LB in Azure will handle the traffic to the Azure and on-prem node. The downside is of course that traffic from NAD to the on-prem ISE node will need to go to Azure LB and then back on-prem, but i dont know how to configure a LB on-prem and the other in Azure as we are using a VIP address in the same network.

Maybe DNS LB is the way to go for this setup instead? Any advice from you guys?

 

Thanks

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎03-29-2025 08:11 AM

Yes, ISE supports the Hybrid setup and looks for some latency or other requirements in the deployment guide.

You can use the same load balancer (LB) as long as ISE can reach it; that should work as expected.

If all NADs are on-premises, then you can move the LB to on-premises and route LB traffic between on-premises ISE and Azure ISE.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

drr
Level 1
Level 1
In response to balaji.bandi

‎04-05-2025 12:54 PM

Hi and thanks for responding!

As far as I understand, for the LB to work transparent, ISE need to route the traffic back to the LB for all the NADs. This is impossible since on-prem ISE is not in the same network as Azure LB. So how do you solve it?

0 Helpful

Marcelo Morais
VIP
VIP

‎03-29-2025 10:44 AM

Hi @drr ,

 in addition to what @balaji.bandi already said ... since you are thinking about moving ISE to the Cloud, please take a look at:

ISE - What we need to know about SNS / VM

special attention to the Cloud topic and Charlie Moreton - ISE in a Hybrid Cloud Environment - YouTube reference link.

 

Hope this helps !!!

 

drr
Level 1
Level 1
In response to Marcelo Morais

‎04-05-2025 12:54 PM

Hi and thanks for responding!

As far as I understand, for the LB to work transparent, ISE need to route the traffic back to the LB for all the NADs. This is impossible since on-prem ISE is not in the same network as Azure LB. So how do you solve it?

0 Helpful
Customers Also Viewed These Support Documents