ISE dual interfaces

mpbaker82
Level 1

Hopefully an easy question here...
I have a distributed deployment of ISE.
We are in the process of migrating all our devices from 172.16.x.x to 10.x.x.x.

We decided to put all our ISE nodes on the new 10.x.x.x network.
Each ISE node has two interfaces enabled.

gi0 (management interface): 10 network

gi1 (non-management interface): 172 network
Site-local devices that have not been migrated to the new 10 network communicate with their site-local ISE node via the gi1 interface. Newly migrated devices are pointed to the gi0 interface. One day everything will point to the gi0 interface and the gi1 interface can go away...
To make things more complex, each site has its own RSA server. All of these RSA servers have been added to the ISE Primary Admin node and seem to be working...
My question is this: what is the communication like between the local-site ISE node and the local-site RSA server?
I think the process looks similar to:
Device on the 172 network requests authentication > ISE gi1 (172 network) > ISE node sends the request out the gi0 interface > RSA server receives the request and approves/denies > RSA returns the response to the ISE gi0 interface > ISE permits or denies based on the RSA response and sends the reply out its gi1 (172 network) back to the original device.
Is this an accurate assessment?
1 Reply

It all depends on routing. So if your 172 net is routed to communicate with the 172 ISE NIC, then it will be used. The communication between ISE and RSA is based on the ISE node's routes. According to the routes, the ISE exit interface will be used as the source. It's not mandatory to have communication with RSA using the 172 interface for 172 clients. The same applies for other subnets.
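The reply's point is that the ISE node's own route table, not the subnet the client lives on, decides which NIC the RSA traffic leaves on and which address the RSA server sees as the source. The following is an added example that models that behaviour; it is not code from the thread or from Cisco ISE. The interface addresses, the route table and the client and RSA addresses are constructed assumptions, and the lookup is a plain longest-prefix match, which is what any host does when choosing an exit interface.

```python
import ipaddress

# Constructed sample addressing for one ISE node (an assumption for this example,
# not taken from the thread): gi0 on the 10 network, gi1 on the 172 network.
INTERFACES = {
    "gi0": ipaddress.ip_interface("10.1.1.5/24"),
    "gi1": ipaddress.ip_interface("172.16.1.5/24"),
}

# Constructed route table: (destination, next hop or None if directly connected, interface).
# The 172.16/16 summary is reachable via gi1; everything else follows the default via gi0.
ROUTES = [
    (ipaddress.ip_network("10.1.1.0/24"), None, "gi0"),
    (ipaddress.ip_network("172.16.1.0/24"), None, "gi1"),
    (ipaddress.ip_network("172.16.0.0/16"), ipaddress.ip_address("172.16.1.1"), "gi1"),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("10.1.1.1"), "gi0"),
]


def lookup_route(dst):
    """Longest-prefix match, the way a host picks its exit interface."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, next_hop, ifname in ROUTES:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best


def egress(dst):
    """Exit interface, source address and next hop the node uses to reach dst."""
    net, next_hop, ifname = lookup_route(dst)
    src = str(INTERFACES[ifname].ip)
    return ifname, src, "connected" if next_hop is None else str(next_hop)


def arrival_interface(node_ip):
    """Interface whose address the client addressed its RADIUS request to."""
    for ifname, addr in INTERFACES.items():
        if str(addr.ip) == node_ip:
            return ifname
    raise LookupError(f"{node_ip} is not an address on this node")


def trace_auth(client_ip, node_ip, rsa_ip):
    """Trace which interface each leg of an RSA-backed authentication uses.

    client_ip: the device sending RADIUS; node_ip: the ISE address it targets;
    rsa_ip: the site's RSA server. Also flags when the reply to the client would
    leave on a different interface than the request arrived on.
    """
    in_if = arrival_interface(node_ip)
    rsa_if, rsa_src, rsa_hop = egress(rsa_ip)
    reply_if, _reply_src, reply_hop = egress(client_ip)
    return {
        "request_arrives_on": in_if,
        "rsa_leg": {"interface": rsa_if, "source": rsa_src, "next_hop": rsa_hop},
        "reply_leg": {"interface": reply_if, "next_hop": reply_hop},
        "asymmetric_reply": reply_if != in_if,
    }


if __name__ == "__main__":
    # 172 client, RSA server already on the 10 network: the RSA leg leaves gi0.
    print(trace_auth("172.16.20.7", "172.16.1.5", "10.2.2.10"))
    # 172 client, RSA server still on the 172 network: the RSA leg leaves gi1.
    print(trace_auth("172.16.20.7", "172.16.1.5", "172.16.30.9"))
    # Client already migrated to 10 but still pointed at gi1: the reply leg is asymmetric.
    print(trace_auth("10.5.5.5", "172.16.1.5", "10.2.2.10"))
```

Two checks fall out of this model. First, whatever source address the route lookup yields for the RSA server is the one the RSA side sees, so that is the address that has to be registered there, regardless of which NIC the client talked to. Second, the `asymmetric_reply` flag catches the migration edge case: a device that has moved to the 10 network but still points at the gi1 address gets its reply from the node via gi0, and any stateful device between the two can drop that flow as unsolicited.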