Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7976
Views
0
Helpful
1
Replies

ISE routing

Go to solution
jphilp
Level 1
Level 1

‎05-21-2017 12:55 PM

I have two independent AD domains and traffic must not merge. It is possible to route to two different AD servers out of two different interfaces on the ISE? Is it just a case of putting a static route to one AD server out of one interface and a route to another server out of another interface?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎05-21-2017 04:47 PM

Yes.  You can't specify the interface by name (e.g. GigabitEthernet1) but you specify the IP address of the next-hop router of the interface's subnet.  e.g. on a PSN you may have

GigabitEthernet 0
        inet 192.168.21.101  netmask 255.255.255.0  broadcast 192.168.21.255

GigabitEthernet 1

        inet 10.10.10.11  netmask 255.255.255.0  broadcast 10.10.10.255

Let's say your AD server was 172.16.1.100 and this subnet is not reachable via the current default gateway configuration.

And let's say the default router for your new subnet 10.10.10.0/24 is 10.10.10.10, then you have three ways of solving your requirement:

Set a static host route for that AD server:

ip route 172.16.1.100 255.255.255.255 gateway 10.10.10.11

or

Set a static network route for the entire 172.16.1.0/24 subnet

ip route 172.16.1.0 255.255.255.0 gateway 10.10.10.11

or

Or set a second default gateway that will route out of the second interface

ip route 0.0.0.0 0.0.0.0 gateway 10.10.10.10

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Arne Bier
VIP
VIP

‎05-21-2017 04:47 PM

Yes.  You can't specify the interface by name (e.g. GigabitEthernet1) but you specify the IP address of the next-hop router of the interface's subnet.  e.g. on a PSN you may have

GigabitEthernet 0
        inet 192.168.21.101  netmask 255.255.255.0  broadcast 192.168.21.255

GigabitEthernet 1

        inet 10.10.10.11  netmask 255.255.255.0  broadcast 10.10.10.255

Let's say your AD server was 172.16.1.100 and this subnet is not reachable via the current default gateway configuration.

And let's say the default router for your new subnet 10.10.10.0/24 is 10.10.10.10, then you have three ways of solving your requirement:

Set a static host route for that AD server:

ip route 172.16.1.100 255.255.255.255 gateway 10.10.10.11

or

Set a static network route for the entire 172.16.1.0/24 subnet

ip route 172.16.1.0 255.255.255.0 gateway 10.10.10.11

or

Or set a second default gateway that will route out of the second interface

ip route 0.0.0.0 0.0.0.0 gateway 10.10.10.10

0 Helpful
Customers Also Viewed These Support Documents