Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1269
Views
15
Helpful
3
Replies

ISE CWA Portal redirect issue

Go to solution
delpo40
Level 1
Level 1

‎05-27-2022 03:20 AM

Hi,

 

Have set up a CWA Portal for a guest ssid. The client will only redirect to the Portal on the ISE server if I put the IP address in and not the FQDN. 

I was under the impression it was the wifi client that sends the DNS request, and the client LAN is set up so it can talk to a DNS server that knows the FQDN. Can anyone please confirm if this is correct?

 

Also if I am forced to use an IP address is there any way of hiding the IP address on the user's screen so they cannot see the private IP address of the ISE server they are redirected to?

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jonatan Jonasson
Level 4
Level 4

‎05-27-2022 04:02 AM

The most common setup that I've come across when using the guest portal on Cisco ISE is to utilize FQDN with a publicly signed certificate so the end-user sees a user-friendly URL and doesn't get a certificate warning.

So that definitely works.

 

Can you verify that the client is able to resolve the FQDN?

(perhaps by trying to ping or nslookup the FQDN in command line while connected to the guest network, but prior to login.)

If the guest network devices are assigned an external/public DNS for DNS resolution, the FQDN needs to be publicly resolvable.

 

 

 

 

View solution in original post

3 Replies 3

Go to solution
Jonatan Jonasson
Level 4
Level 4

‎05-27-2022 04:02 AM

The most common setup that I've come across when using the guest portal on Cisco ISE is to utilize FQDN with a publicly signed certificate so the end-user sees a user-friendly URL and doesn't get a certificate warning.

So that definitely works.

 

Can you verify that the client is able to resolve the FQDN?

(perhaps by trying to ping or nslookup the FQDN in command line while connected to the guest network, but prior to login.)

If the guest network devices are assigned an external/public DNS for DNS resolution, the FQDN needs to be publicly resolvable.

 

 

 

 

Go to solution
ahollifield
VIP
VIP

‎05-27-2022 05:27 AM

You can use FQDN.  Is the guest client able to resolve the FQDN?  Does your default ACL on the wireless controller allow DNS?

Go to solution
thomas
Cisco Employee
Cisco Employee

‎05-30-2022 11:27 AM - edited ‎05-30-2022 11:27 AM

Please review the instructions in ISE Guest Access Prescriptive Deployment Guide > Configure an ACL to Redirect Guest Devices to the ISE Guest Portal for your redirect ACL and that should do it.

Customers Also Viewed These Support Documents