08-31-2017 06:12 AM - edited 02-21-2020 10:33 AM
Hello everyone,
I currently have an issue with the Guest Hotspot Portal. Is it possible to force ISE to redirect the CWA flow using HTTP?
The issue is the following:
I am providing free WiFi access and ISE is used to authenticate external guests with a Hotspot Portal (APs are configured in FlexConnect mode to keep all that traffic located in the branch office). The devices are of course unmanaged and redirected to the ISE interface used in the portal (it is hence an internal IP with its associated FQDN). We unfortunately have no way to resolve this FQDN locally, and the redirection is pointing to ISE's IP.
Since 10/2016 the public Certificate Authorities have been refusing to sign SAN certificates containing an IP address. So users are experiencing certificate errors before they can register on the portal.
Thanks for your help,
FPI
08-31-2017 10:19 AM
You can either allow your internal DNS server in the redirect ACL (if you assign that server via the DHCP options) or else create a public DNS A record for your ISE server's internal address and FQDN.
08-31-2017 11:44 PM
I would like to avoid allowing my internal DNS in the redirect ACL since it could reveal our internal DNS topology to guest users. I am going to create a public DNS record pointing to the ISE internal IP address.
If there is any trouble with ... maybe DNS views could be an option.
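The certificate error discussed in this thread comes from the host in the redirect URL not being covered by the portal certificate's SAN list. The check below is an added example, not part of any post in the thread or of ISE itself; the function names, the FQDN `guest.example.com`, the address `10.10.20.5` and the URL path are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def dns_name_matches(pattern, host):
    """Compare a dNSName SAN entry with a host name (RFC 6125 rules).

    A wildcard is honoured only as the complete leftmost label and never
    directly above a top-level domain.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def redirect_host_covered(redirect_url, san):
    """True if the certificate's SAN list covers the host in the redirect URL.

    `san` uses the (type, value) pairs that ssl.SSLSocket.getpeercert()
    returns under 'subjectAltName'.
    """
    host = urlsplit(redirect_url).hostname or ""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Host is a name: only dNSName entries can satisfy it.
        return any(t == "DNS" and dns_name_matches(v, host) for t, v in san)
    # Host is an IP literal: dNSName entries are ignored, an iPAddress entry is required.
    return any(t == "IP Address" and ipaddress.ip_address(v) == ip for t, v in san)


if __name__ == "__main__":
    # Constructed values: a portal certificate carrying only a DNS name.
    san = [("DNS", "guest.example.com")]
    for url in ("https://10.10.20.5:8443/portal/gateway",
                "https://guest.example.com:8443/portal/gateway"):
        print(url, "->", "ok" if redirect_host_covered(url, san) else "certificate error")
```

Run against the SAN list of the certificate actually installed on the portal, it shows whether a redirect by IP or by FQDN will validate on an unmanaged guest device.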