ISE AD join with LDAP Secure

Philip91
Level 1

Hello guys,

I use ISE with normal AD join. Right now AD is running LDAP. Will the communication between AD and ISE also work if I switch over to only allow LDAP secure from the AD side?

Is there a way to configure it?

I saw that when I configured legacy LDAP it is possible to enable or disable it.

Thanks for your help

Greetings

Philip

5 Replies

Hi,

You will need to change the port under connection settings to your LDAP SSL port and enable "Secure Authentications" with a trusted root CA between the two devices.

Regards,

Jason

Hello Jason,

You are speaking about the legacy LDAP connection, right?

But I mean when I use "AD Join" and switch that to LDAP secure. Then there is no option to configure LDAP secure. Do you have any idea?

Greetings

Philip

Hi,

This is correct. I misunderstood your question. This should not have an effect as you are not connected via LDAP.

Regards,

Jason

Hi,

What does the AD join use instead of LDAP?

Looking at the communication matrix shows that it uses LDAP:

Protocol | Port (remote-local) | Target | Authenticated | Notes
DNS (TCP/UDP) | Random number greater than or equal to 49152 | DNS Servers/AD Domain Controllers | No |
MSRPC | 445 | Domain Controllers | Yes |
Kerberos (TCP/UDP) | 88 | Domain Controllers | Yes (Kerberos) | MS AD/KDC
LDAP (TCP/UDP) | 389 | Domain Controllers | Yes |
LDAP (GC) | 3268 | Global Catalog Servers | Yes |
NTP | 123 | NTP Servers/Domain Controllers | No |
IPC | 80 | Other ISE Nodes in the Deployment | Yes (Using RBAC credentials) |

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html#topic_93C0E5D51E264538B2A1AD9E585CD35B

Greetings

Philip
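The matrix above lists plain LDAP on TCP 389 to the domain controllers. Before switching the DCs to "secure LDAP only", one check a practitioner can run from the ISE side is to ask a DC whether it will negotiate TLS on that same port 389 (the RFC 4511 StartTLS extended operation). The script below is an added example, not code from this thread or from Cisco; it hand-encodes the BER request so it needs only the Python standard library, and the host name you pass to `probe_starttls` is a placeholder for your own DC.

```python
import socket

# StartTLS extended operation OID defined in RFC 4511 (real value, not page-specific).
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

def _encode_oid(oid: str) -> bytes:
    """BER-encode a dotted OID: first two arcs fold into one byte, the rest are base-128."""
    arcs = [int(a) for a in oid.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def starttls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] OID } }."""
    name = _encode_oid(STARTTLS_OID)
    req_name = b"\x80" + bytes([len(name)]) + name          # [0] requestName, primitive
    ext_req = b"\x77" + bytes([len(req_name)]) + req_name   # 0x60 | 23 = ExtendedRequest
    body = b"\x02\x01" + bytes([message_id]) + ext_req      # messageID INTEGER (0..127)
    return b"\x30" + bytes([len(body)]) + body              # outer SEQUENCE, short-form length

def _tlv(buf: bytes, pos: int):
    """Decode one BER tag/length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                       # long-form length follows
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def extended_response_code(data: bytes) -> int:
    """Pull resultCode out of an ExtendedResponse ([APPLICATION 24] = 0x78); 0 = success."""
    tag, pos, _ = _tlv(data, 0)                             # LDAPMessage SEQUENCE
    _, _, end = _tlv(data, pos)                             # skip messageID INTEGER
    op, pos, _ = _tlv(data, end)                            # protocolOp
    if tag != 0x30 or op != 0x78:
        raise ValueError("not an LDAP ExtendedResponse")
    _, start, end = _tlv(data, pos)                         # resultCode ENUMERATED
    return int.from_bytes(data[start:end], "big")

def probe_starttls(host: str, port: int = 389, timeout: float = 5.0) -> int:
    """Send StartTLS to a DC on the plain LDAP port and return its resultCode."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(starttls_request())
        return extended_response_code(sock.recv(4096))
```

Call `probe_starttls("dc01.example.internal")` against your own DC: a resultCode of 0 means the DC offers TLS on 389, anything else means it declined to negotiate it there.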

Hi Philip,

I will need to do this in a lab environment to test, which I suggest you do too. As far as I am aware you should be good with Kerberos and RPC.

Regards,

Jason