Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1726
Views
10
Helpful
6
Replies

ISE 3.1 Change FQDN for Deployment Nodes

michailkopsiaftis
Level 1
Level 1

‎01-16-2023 07:30 AM - edited ‎01-16-2023 07:48 AM

Hi,

I want your help about a domain change in my company, which will affect Cisco ISE

We have already register our Cisco ISE VM's with an FQDN which includes the legacy domain of my company.

Our case is that we want to change from ise1.xxx.gr to ise1.yyy.gr in a 2 Node Deployment , with with primary & secondary administration nodes.

Can you please help me how to do this and if any downtime will occur?

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎01-16-2023 07:41 AM

how big is the deployment.

if you change the domain, you need to change the certs and also where ever applicable, this required ISE to reboot also.

check some guide lines OLD thread, still usefull :

https://community.cisco.com/t5/network-access-control/changing-domain-name-in-the-ise/td-p/3069219

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

michailkopsiaftis
Level 1
Level 1

‎01-16-2023 07:47 AM - edited ‎01-16-2023 07:48 AM

@balaji.bandi thank you for your immediate response! 

Our deployment is a 2 Node Deployment , with with primary & secondary nodes. We have already import the new certificates in the Nodes.

 

michailkopsiaftis_0-1673884011593.png

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to michailkopsiaftis

‎01-16-2023 08:09 AM

Thank you for sharing the information As @Karsten Iwen suggest DNS may fix the issue, But myself never tried that option, since your certs binded to FQDN.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Karsten Iwen
VIP
VIP

‎01-16-2023 07:56 AM

Are you aware that your ISE deployment will likely work perfectly even if your real Domain is different from the one used on the ISE? Just your DNS needs to be able to resolve the new domain on the ISE nodes. Probably you don't need to change it.

0 Helpful

michailkopsiaftis
Level 1
Level 1
In response to Karsten Iwen

‎01-17-2023 01:02 AM

@Karsten Iwen  thanks for your reply! So you propose to create a cname entry in the dns in order to resolve the new domain. Our problem on this is that as @balaji.bandi mention we will use the new certificates(exported from the new CA) on both ISE Nodes and we are going to delete the old ones. Do you think that this is a problem;

0 Helpful

Karsten Iwen
VIP
VIP
In response to michailkopsiaftis

‎01-17-2023 02:58 AM

The name on the certificate is not really related to the node-name. You can just import the certs and assign its functions. But for the domain name I would probably configure a new zone as you likely will use that for everything that is new.

0 Helpful
Customers Also Viewed These Support Documents