11-13-2018 08:14 AM
Hi everyone,
I've checked secure syslog between a PSN node and a MNT node, once with Server Identity Check and once without. As far as I can tell, it's the same TLS handshake.
Also, I could find no mention of this feature within the ISE 2.4 documentation. I'd appreciate any clarification.
Thanks!
Solved! Go to Solution.
11-13-2018 08:59 AM
11-13-2018 08:59 AM
11-13-2018 11:57 AM
Thanks. I think it's important to document this feature, since no alarms came up on the PAN when the syslogs didn't arrive correctly to the MnT node. Only when removing this checkbox could I see new syslogs on the MnT.
Just to make sure that the feature is clear for posterity's sake:
If CN of secure syslog certificate is different from FQDN of TLS server (for example MnT syslogs arriving from PSN), it drops the TLS session. Is this correct?
11-13-2018 12:00 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide