04-25-2018 03:16 PM
Hi all,
I am trying to make an API call to ISE 2.2 on port 443. The server from where I am making the call uses TLS1.0 for sending the Hello during the TLS handshake. ISE rejects the request and does not responds back.with server Hello.
I am able to make the same request to ISE from a different server using TLSv1.2 and it works as intended.
Can anybody confirm if ISE does not supports TLSv1.0 for SSL communication?
Solved! Go to Solution.
04-25-2018 03:51 PM
REST Monitoring calls are made to MNT node on 443, but ERS API calls must use the designated port of 9060 to PAN node. The TLS under ISE 2.2 Security Settings do not apply to ISE web service.
ISE admin portal supports TLS 1.1 and 1.2 since ISE 2.0.
04-25-2018 03:29 PM
Hi Vishal
What API calls are you making on port 443? I thought the ERS stuff was on TCP/9060 ?
To enable TLS 1.0 try this
04-25-2018 03:51 PM
REST Monitoring calls are made to MNT node on 443, but ERS API calls must use the designated port of 9060 to PAN node. The TLS under ISE 2.2 Security Settings do not apply to ISE web service.
ISE admin portal supports TLS 1.1 and 1.2 since ISE 2.0.
04-25-2018 05:52 PM
Thanks chyps that is exactly what I wanted to confirm. "ISE admin portal supports TLS 1.1 and 1.2 since ISE 2.0"
I am not making ERS API calls.
I am making REST Monitoring calls to Mnt service (Standalone ISE node) on 443 to quarantine the endpoints by IP-address using the following API calls:
https://<primary_ise_node>/ise/eps/QuarantineByIP/{IP_Address}
04-25-2018 05:53 PM
arne.bier Thanks for your quick response to my post.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide