07-31-2012 08:13 AM - edited 03-10-2019 07:21 PM
I can login into ISE GUI when I am in same subnet example if ISE was 172.16.100.10 and my laptop is 172.16.90.10 all is perfect when I nat it to get on the network I hit the GUI enter ID and Password and the screen just refreshes.
I cannot see anything wrong I have a callmanager setup the same way and all is fine..
Any ideas????
08-01-2012 04:03 AM
Are you trying to hide the identity of the ise node by using a static nat rule? So when you try to access the ise using the natted address it doesn't respond?
Thanks,
Sent from Cisco Technical Support iPad App
08-01-2012 07:50 AM
Yes it is a static nat.. Cisco and IBM have an ISE demo lab so it is a private network thats why NAT. I get to the web page and if I do not enter password I get a pop up saying password required.
If I put bad password or good the page just refreshes.
NCS works VSPHERE into a UCS no problems just the ISE gui,
Any thoughts how we can do this?
08-01-2012 08:00 AM
I checked the documentation and the only NAT restrictions I found was related to AD, however if you are inside the network and bypass NAT you can login via the real ip address. Do you have any ip restrictions set on the admin interface?
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_identities.html#wp1113953
thanks,
Tarik Admani
*Please rate helpful posts*
08-01-2012 08:06 AM
Thanks for quick replies I can get to it from any subnet that is a routable subnet to get to the ISE box Once you get on the other side of the nat router it fails.. NCS works just tried. I dont think so but i will double check. So basically NAT looks to be the issue I had another guy check nat and it is so basic there is nothing interfering.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide