Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
426
Views
0
Helpful
1
Replies

ISE 3.1 Question

lolit6
Level 1
Level 1

‎08-08-2023 06:23 PM

i have been trying to find a solution to a silly issue. i tried to post on cisco forums but it was broken. we have one main office (2 ISE instances). we have three remote offices (1 ISSE PSN in each). i implemented a hub and spoke setup of VPN policies for to allow all the ISE instances to communicate with each other. two of the remote offices and main office can communicate. however the latest office to be added cannot communicate with the remote offices. communication with the main office has no isseus. so i have the well known error "Queue Link Error: Message=From FQDN To FQDN; Cause=Timeout". my question is two parts. do these instances have to be able to communicate with each other? and if so, why? my thought is since they all can communicate with the main office and the primary instance, what does it matter? i am working with tech support to get the hub and spoke working but its taking some time (yay i found a new issue). thanks for any assistance.

https://showbox.bio https://tutuapp.uno/
Labels:
0 Helpful
1 Reply 1

Milos_Jovanovic
VIP Alumni
VIP Alumni

‎08-09-2023 04:10 AM

Hi @lolit6,

It really depends on your current setup and which roles are running on which nodes. If you have PAN/MnT in hub location, and only PSN in spoke locations (and you are not using node synchronization), then that is everything you need.

There are already similar discussions:

https://community.cisco.com/t5/network-access-control/distributed-ise-nodes-and-communication-between-psns/td-p/4582155

https://community.cisco.com/t5/network-access-control/distributed-environment-ise-ports-communication/td-p/3483023

Kind regards,

Milos

0 Helpful
Customers Also Viewed These Support Documents