Solved: ISE server is unreachable from PI 2.2

Shivu b · ‎10-03-2016

Hi All,

ISE secondary server is unreachable from cisco Prime 2.2

However Primary and secondary its reachable via GUI and 443 ports are open in Firewall. for both server

Could you please suggest how can I fix the issue.

hslai · ‎10-06-2016

PI admin CLI should allow you to perform "telnet {IP|hostname} port 443" to verify whether HTTPS reachable at the target server from the PI server. Or, try a SPAN session to capture it.

In our lab setup, I am able to add the primary and secondary MnTs of an ISE 2.1 deployment to an PI 3.1. However, both Tim and I are in ISE product team so I would suggest you to reach out to PI support teams for further support.

View solution in original post

Timothy Abbott · ‎10-03-2016

Which version of ISE? Are you able to connect to the primary ISE server with prime?

Regards,

-Tim

Shivu b · ‎10-03-2016

Hi Timothy,

Thanks for your reply.

ISE version 1.4.0.253

ISE primary is added and reachable and ISE secondary is unreachable from Prime.

could not find logs in cisco prime 2.2.

Timothy Abbott · ‎10-04-2016

Thanks for the information. Since you weren't able to find any logs in Prime, would it be possible to review the firewall logs? This behavior sounds suspiciously like a firewall issue since the primary is reachable.

Regards,

-Tim

hslai · ‎10-06-2016

PI admin CLI should allow you to perform "telnet {IP|hostname} port 443" to verify whether HTTPS reachable at the target server from the PI server. Or, try a SPAN session to capture it.

In our lab setup, I am able to add the primary and secondary MnTs of an ISE 2.1 deployment to an PI 3.1. However, both Tim and I are in ISE product team so I would suggest you to reach out to PI support teams for further support.