cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

510
Views
5
Helpful
3
Replies
manvik
Beginner

Secondary ISE auth requests

Can secondary ISE serve any authentication requests? Current setup is primary ISE at DC and secondary ISE at DR. 
Testing anyconnect VPN via DR. Since DR ISE is in a secondary role, can it server the authentication requests from DR ASA.

1 ACCEPTED SOLUTION

Accepted Solutions

@manvik Yes, you should be able to see the authentications in the DC ISE Logs. DC/DR are part of the same cluster, the Primary MnT will log traffic for any PSN in the cluster, regardless of where it is physically located.

View solution in original post

3 REPLIES 3
Rob Ingram
VIP Expert

@manvik I assume these ISE nodes part of the same cluster? If so, then as long as the secondary node is running the PSN persona then yes it can authenticate requests from the DR ASA. It's the configuration of the ASA which is configured with the PSN and which PSN to prefer.

yes, ISE nodes are part of same cluster. currently the authentication is not working, can DR ISE logs viewed from DC ISE in same cluster.

@manvik Yes, you should be able to see the authentications in the DC ISE Logs. DC/DR are part of the same cluster, the Primary MnT will log traffic for any PSN in the cluster, regardless of where it is physically located.

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars


Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube