Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1611
Views
1
Helpful
4
Replies

ISE server is unreachable from PI 2.2

Go to solution
Shivu b
Level 1
Level 1

‎10-03-2016 06:12 AM

Hi All,

ISE secondary server is unreachable from cisco Prime 2.2

However Primary and secondary its reachable via GUI and 443 ports are open in Firewall. for both server

Could you please suggest how can I fix the issue.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Shivu b

‎10-06-2016 08:29 PM

PI admin CLI should allow you to perform "telnet {IP|hostname} port 443" to verify whether HTTPS reachable at the target server from the PI server. Or, try a SPAN session to capture it.

In our lab setup, I am able to add the primary and secondary MnTs of an ISE 2.1 deployment to an PI 3.1. However, both Tim and I are in ISE product team so I would suggest you to reach out to PI support teams for further support.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee

‎10-03-2016 09:25 AM

Which version of ISE?  Are you able to connect to the primary ISE server with prime?

Regards,

-Tim

0 Helpful

Go to solution
Shivu b
Level 1
Level 1
In response to Timothy Abbott

‎10-03-2016 09:25 PM

Hi Timothy,

Thanks for your reply.

ISE version 1.4.0.253

ISE primary is added and reachable and ISE secondary is unreachable from Prime.

could not find logs in cisco prime 2.2.

Go to solution
Timothy Abbott
Cisco Employee
Cisco Employee
In response to Shivu b

‎10-04-2016 07:57 AM

Thanks for the information.  Since you weren't able to find any logs in Prime, would it be possible to review the firewall logs?  This behavior sounds suspiciously like a firewall issue since the primary is reachable.

Regards,

-Tim

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to Shivu b

‎10-06-2016 08:29 PM

PI admin CLI should allow you to perform "telnet {IP|hostname} port 443" to verify whether HTTPS reachable at the target server from the PI server. Or, try a SPAN session to capture it.

In our lab setup, I am able to add the primary and secondary MnTs of an ISE 2.1 deployment to an PI 3.1. However, both Tim and I are in ISE product team so I would suggest you to reach out to PI support teams for further support.

0 Helpful
Top