08-25-2022 07:32 PM
I need to test some functionality of FIPS mode and am trying to enable it in a new lab of ISE 3.1. But when I go to admin>system>settings>FIPS Mode>Enabled and try to save, I get an error message about needing to use "Default Device Admin" policy in Default Network Access (see screen shot below).
When I navigate to Work centers>Device Admin>Device Admin Policy Sets, the default device admin is already set as the allowed protocols (see screen shot below).
This is a relatively fresh build of a lab and doesn't have much configuration. I'm also not very familiar with ISE in terms of TACACS configuration, so any help would be appreciated.
08-25-2022 08:54 PM - edited 08-25-2022 08:54 PM
Seems very similar to this, but it’s on old code. You can try the workaround since it’s a lab, and let us know.
https://bst.cisco.com/bugsearch/bug/CSCvs70863
08-29-2022 01:18 PM
This was the case. I followed the instructions as listed within the workaround and was able to get FIPS enabled. Appears this bug is still affecting versions all the way to ISE 3.1, which I have installed on my lab.
08-29-2022 02:05 PM
Good that the workaround worked for you. It’s not very uncommon for older bugs to resurface in new versions; I have had a few experiences like this in the past.
09-05-2023 10:51 PM
In version 3.2 of ISE this solution does not work either. The bug in question is apparently getting worse instead of better. lol
08-26-2022 05:50 AM
TACACS is not a FIPS compliant protocol. I am assuming you are going to run into issues when attempting to use it with the FIPS checkbox enabled.