Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
564
Views
0
Helpful
1
Replies

ISE Question

Go to solution
abhishekclub143
Level 1
Level 1

‎09-17-2013 12:58 PM - edited ‎03-10-2019 08:54 PM

  In ISE, For the Guest server, can a second NIC interface be used to physically connect the guest interface to a DMZ?  If so, can you provide a link?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ravi Singh
Level 7
Level 7

‎09-19-2013 03:33 PM

Running Guest off of another interface has not been  tested thus it

is not officially supported.  You will have the best chance running

Guest on Gig1 and your Profiler collection probes on Gig2 or Gig3.

Another problem with moving  guest portal to a second interface

is that there is currently no option to set a separate management and

guest certificate.  The management certificate is required to be

generated to the hostname of ISE.  That means you would have to have

your users in the DMZ get a DNS response for gig1 and the internal

subnets get a DNS response of gig0 for the same hostname.  I believe

this is the main reason we do not support moving the guest portal off of

gig0 at this time.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Ravi Singh
Level 7
Level 7

‎09-19-2013 03:33 PM

Running Guest off of another interface has not been  tested thus it

is not officially supported.  You will have the best chance running

Guest on Gig1 and your Profiler collection probes on Gig2 or Gig3.

Another problem with moving  guest portal to a second interface

is that there is currently no option to set a separate management and

guest certificate.  The management certificate is required to be

generated to the hostname of ISE.  That means you would have to have

your users in the DMZ get a DNS response for gig1 and the internal

subnets get a DNS response of gig0 for the same hostname.  I believe

this is the main reason we do not support moving the guest portal off of

gig0 at this time.

0 Helpful
Customers Also Viewed These Support Documents