09-29-2015 02:42 AM - edited 03-10-2019 11:06 PM
Hello guys,
I use ISE with a normal AD join. Right now AD is running LDAP. Will the communication between AD and ISE also work if I switch over to only allow LDAP secure from AD site?
Is there a way to configure it?
I saw that when I configured legacy LDAP it is possible to enable or disable it.
Thanks for your help
Greetings
Philip
09-29-2015 02:51 AM
Hi,
You will need to change the port under connection settings to your LDAP SSL port and enable "Secure Authentications" with a trusted root CA between the two devices.
Regards,
Jason
09-29-2015 02:54 AM
Hello Jason,
You are speaking about the legacy LDAP connection, right?
But I mean when I use "AD Join" and switch that to LDAP secure. Then there is no option to configure LDAP secure. Do you have any idea?
Greetings
Philip
09-29-2015 02:59 AM
Hi,
This is correct. I misunderstood your question. This should not have an effect as you are not connected via LDAP.
Regards,
Jason
09-29-2015 03:05 AM
Hi,
What does the AD join use instead of LDAP?
Looking at the communication matrix shows that it uses LDAP:
Protocol | Port (remote-local) | Target | Authenticated | Notes |
---|---|---|---|---|
DNS (TCP/UDP) | Random number greater than or equal to 49152 | DNS Servers/AD Domain Controllers | No | — |
MSRPC | 445 | Domain Controllers | Yes | — |
Kerberos (TCP/UDP) | 88 | Domain Controllers | Yes (Kerberos) | MS AD/KDC |
LDAP (TCP/UDP) | 389 | Domain Controllers | Yes | — |
LDAP (GC) | 3268 | Global Catalog Servers | Yes | — |
NTP | 123 | NTP Servers/Domain Controllers | No | — |
IPC | 80 | Other ISE Nodes in the Deployment | Yes (Using RBAC credentials) | — |
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/ISE-ADIntegrationDoc/b_ISE-ADIntegration.html#topic_93C0E5D51E264538B2A1AD9E585CD35B
Greetings
Philip
09-29-2015 04:29 AM
Hi Philip,
I will need to do this in a lab environment to test, which I suggest you do too. As far as I am aware you should be good with Kerberos and RPC.
Regards,
Jason