ISE connect with multiple SSL certificates

11-11-2012 07:40 PM - edited 03-10-2019 07:46 PM
Hi,
I have some new requirements, as follows:
Active Directory Domain A with Certificate Authority A
Active Directory Domain B with Certificate Authority B
I would like to make sure that my understanding of this solution is correct.
Can I have ISE 1.1.2 join both domains? No
Can I use an AD connection with Domain A and an LDAP connection with Domain B? Yes
Can users be authenticated from these two domains? Maybe yes, from AD and LDAP
Can I have ISE include both root certificates of domains A and B? Yes
Does ISE support single name indication for SSL certificates? No
With EAP-TLS, I have to choose only 1 domain for EAP-TLS, right? Yes, but not sure
Regards,
PM
Labels: AAA

05-23-2014 04:19 AM
https://supportforums.cisco.com/discussion/11883331/ise-multiple-ad
05-30-2014 06:01 AM
ISE release 1.1.2 does not support Multiple AD

05-30-2014 06:36 AM
You can have ISE join one domain (domain A - local domain) and authenticate users from another domain (domain B - remote domain) without using an LDAP instance. All you need is a 2-way trust relationship between domains A and B.
ISE supports multidomain forests. ISE connects to a single domain, but can access resources from the other domains in the Active Directory forest if trust relationships are established between the domain to which ISE is connected and the other domains.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-1/user_guide/ise11_user_guide/ise_man_id_stores.html#wp1059011
This way, users from both domains can authenticate.
Regards,
Jatin Katyal
**Do rate helpful posts**
