cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1512
Views
5
Helpful
3
Replies

ISE Guest portal redirect

KevinR99
Level 1
Level 1

Hi

I am testing the built in Guest portals on ISE.  I have enabled a sponsor portal on Gig1 using port 8001 and created the appropriate policies to redirect to this.  The 1st client I test starts to redirect but then fails because it can't reach the portal.

I've checked and the client is assigned an address on the same subnet as the portal so there is no routing issues.  In the authorization profile I've specified the ISE G1 IP address and port to miss out DNS until I get direct IP address access working.  When I do a wireshark capture on the device I can see it send a SYN to the ISE Gig1 address on the correct port but the ISE immediately responds with a reset.  The client tries again and the ISE responds the same.  So it seems the ISE is not accepting connections on the Gig1 address and portal port.

At the moment this is a VM ISE running on an eval license so not fully licensed if that is of any relevance.

Any suggestions would be appreciated.

 

Thanks as always, Kev.

1 Accepted Solution

Accepted Solutions

KevinR99
Level 1
Level 1

Charlie

Thank you for your response.  I've actually resolved the redirect issue by simply changing the port it is hosted on.  Nothing else.  My redirect ACL did include the failing and new port so I didn't change anything there.  In fact, when it was failing I could see hits on the ACL and from wireshark on a device I could see I was being redirected.  The ISE was just refusing the connection.  Changing the port has resolved that.  As a test I may change back to the original port to see what happens.  During the issue from the ISE CLI I could see from "show ports" that it was listening on the correct IP address and port.  A telnet test to the port failed too.  Very strange but it's working now so I'm going to continue to the next stage of using DNS and redirecting to a FQDN.  No doubt I'll have other challenges to resolve so I may put other questions in here but in the meantime thank you for replying.

Kev.

View solution in original post

3 Replies 3

Charlie Moreton
Cisco Employee
Cisco Employee

Please share your Web Redirection and Attributes Details from your Authorization Profile as well as the Portal Settings of your portal and the ACLs used

Eval license has no bearing on anything.  There are no limitations to the eval licenses.

KevinR99
Level 1
Level 1

Charlie

Thank you for your response.  I've actually resolved the redirect issue by simply changing the port it is hosted on.  Nothing else.  My redirect ACL did include the failing and new port so I didn't change anything there.  In fact, when it was failing I could see hits on the ACL and from wireshark on a device I could see I was being redirected.  The ISE was just refusing the connection.  Changing the port has resolved that.  As a test I may change back to the original port to see what happens.  During the issue from the ISE CLI I could see from "show ports" that it was listening on the correct IP address and port.  A telnet test to the port failed too.  Very strange but it's working now so I'm going to continue to the next stage of using DNS and redirecting to a FQDN.  No doubt I'll have other challenges to resolve so I may put other questions in here but in the meantime thank you for replying.

Kev.

I remember running into a similar issue some time ago, and if memory serves I resolved the issue by changing temporarily the certificates group association to something else, and then re-associating it again to the original certificates group.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: