04-19-2019 03:51 PM - edited 04-19-2019 03:51 PM
Hello community,
Is it possible to use public DNS for ISE guest splash page. If not possible how would I handle this? We have an api that users need to access while on site, but we do not want to open access to the private IP. We want them to go out to the internet and back in. Is it possible to do both with a public DNS server? We currently use internal DNS for guest, they are unable to access the api without opening a hole in the firewall which we do not want to do.
thank you,
Solved! Go to Solution.
04-20-2019 11:24 AM
What you want to do is definitely supported. One way I have seen it done is to place internal IP's in the external DNS, then rely on "leak" of guest redirection traffic to an internal ISE node, or DMZ. At the end of the day the user needs to resolve the hostname, and be able to reach the web portal.
An alternate could be what Arne posted over here recently.
https://community.cisco.com/t5/identity-services-engine-ise/ise-guest-and-dns/m-p/3839857/highlight/true#M25895
04-19-2019 07:04 PM
04-19-2019 07:27 PM
04-20-2019 11:24 AM
What you want to do is definitely supported. One way I have seen it done is to place internal IP's in the external DNS, then rely on "leak" of guest redirection traffic to an internal ISE node, or DMZ. At the end of the day the user needs to resolve the hostname, and be able to reach the web portal.
An alternate could be what Arne posted over here recently.
https://community.cisco.com/t5/identity-services-engine-ise/ise-guest-and-dns/m-p/3839857/highlight/true#M25895
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide