Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1801
Views
0
Helpful
8
Replies

Connecting a pxGrid client to natted pxGrid node IP

Go to solution
victguti
Level 1
Level 1

‎01-31-2017 02:41 AM

Hello,

My customer cannot connect FMC 5.4.1.5 (pxGrid client) and ISE (1.3) pxGrid node directly and needs to use NAT for this. Therefore, the pxGrid client  will point to the natted IP of pxGrid node. There will be any problem for pxGrid client registration?

Thanks,

Víctor.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jeppich
Cisco Employee
Cisco Employee
In response to victguti

‎01-31-2017 01:56 PM

Hey Viktor,

You can try, i don't think will work, verifying with development.

Thanks,

John

jeppich@cisco.com

View solution in original post

0 Helpful
8 Replies 8

Go to solution
kthiruve
Cisco Employee
Cisco Employee

‎01-31-2017 12:51 PM

Both PxGrid client and server require certificates. I have reached out the SME on this. You will see a response soon.

-Krishnan

0 Helpful

Go to solution
jeppich
Cisco Employee
Cisco Employee
In response to kthiruve

‎01-31-2017 01:39 PM

Hey Krishnan, Victor.

The FMC client requires connection to port TCP/5222 of the ISE pxGrid node.

Thanks,
John

jeppich@cisco.com

0 Helpful

Go to solution
victguti
Level 1
Level 1
In response to jeppich

‎01-31-2017 01:46 PM

Hi John,

Many thanks. Certificates are configured in pxGrid node and pxGrid client and yes, we opened the TCP/5222 port in the firewall but performing network address translation to ISE node. It means, pxGrid client doesn't point to the real pxGrid node IP address but to the natted IP. Do you think it will cause an issue on pxGrid node registration?

Thanks,

Víctor.

Sent from my Samsung Galaxy smartphone.

0 Helpful

Go to solution
jeppich
Cisco Employee
Cisco Employee
In response to victguti

‎01-31-2017 01:56 PM

Hey Viktor,

You can try, i don't think will work, verifying with development.

Thanks,

John

jeppich@cisco.com

0 Helpful

Go to solution
jeppich
Cisco Employee
Cisco Employee
In response to jeppich

‎01-31-2017 03:02 PM

Hey Viktor,

I stand corrected, development says you should be good.

Thanks,

John

jeppich@cisco.com

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to jeppich

‎01-31-2017 03:06 PM

You would need to make sure DNS resolves to the ip address of the address that the PXgrid client is trying to communicate with. This DNS name is what is present in the certificate. Otherwise there will be a mismatch and it will fail.

Any systems in the non natted environment (same internal network as ISE) would need to resolve to the internal IP

0 Helpful

Go to solution
victguti
Level 1
Level 1
In response to Jason Kunst

‎02-02-2017 07:26 AM

Hi Jason,

They use the same DNS servers for FMC and ISE nodes and they resolve to the internal pxGrid node IP address...

Adding the natted IP to the A DNS record already existent would be ok?

Thanks,

Víctor.

0 Helpful

Go to solution
victguti
Level 1
Level 1
In response to jeppich

‎01-31-2017 03:12 PM

Hey John,

Great, many thanks. I will try and let you know in any case.

Best regards,

Víctor.

Sent from my Samsung Galaxy smartphone.

0 Helpful
Customers Also Viewed These Support Documents