Support Request – Accessing ISE from Internet for Meraki Integration

mdieng
Community Member

Hello,

I have deployed Cisco ISE on my private cloud using the VMware platform. The inbound management interface is configured with a private IP address on GigabitEthernet0. I have also configured a second interface, GigabitEthernet1, placed in my DMZ zone, with a private IP address that is NATed to a public IP.

My objective is to:

  • Access the ISE from the internet using the public IP.

  • Integrate and manage my Meraki equipment with ISE from the internet.

  • Configure the Meraki access points’ captive portal using ISE.

The ISE is successfully integrated with my Active Directory.

However, when I attempt to Telnet to ports 443, 1812, and 1813 on the public IP address (which is NATed to the ISE's DMZ interface), the connection fails.

I would appreciate your support in identifying and resolving the issue.

Best regards,

6 Replies


#1 - Is your firewall allowing this traffic and have you verified in the firewall logs that you see the inbound connections and they are allowed?

#2 - Is your default route through G0 or G1? Return traffic for internet-sourced connections needs to return the same way, otherwise your firewall may be dropping the session.
(The same thing goes while testing - are you testing from an internal computer or from an external computer? Depending on your setup you might be running into asymmetric traffic.)

And be mindful about any security implications of exposing your ISE in this manner.
(You should be able to integrate Meraki captive portal and ISE without exposing the ISE to the internet? - https://documentation.meraki.com/MR/Encryption_and_Authentication/CWA_-_Central_Web_Authentication_with_Cisco_ISE)

---
Please mark helpful answers & solutions
---

Thanks Jonatan for the quick response.

#1 - Is your firewall allowing this traffic and have you verified in the firewall logs that you see the inbound connections and they are allowed? Yes, my firewall is allowing the traffic.

#2 - Is your default route through G0 or G1? Return traffic from the internet sourced connections need to return the same way, otherwise your firewall may be dropping the session: the 1-to-1 NAT is configured.


ise/admin#show ip route

Destination Gateway Iface
----------- ------- -----
10.0.97.0/28 0.0.0.0 eth0
10.0.111.0/24 10.0.97.1 eth0
10.0.111.128/25 10.0.97.1 eth0
169.254.4.0/24 0.0.0.0 podman2
192.168.99.0/24 10.0.97.1 eth0
172.16.11.0/28 0.0.0.0 eth1
default 172.16.11.1 eth1
169.254.2.0/24 0.0.0.0 podman1
169.254.6.0/24 0.0.0.0 podman3
ise/admin#

I'm testing from an external computer using the NATed public IP.

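Jonatan's asymmetric-routing point above can be checked against the `show ip route` output posted in this reply. The script below is an added example, not part of the thread: it parses that exact table, does a longest-prefix match to find the interface ISE would reply on for a given client, and flags the case where the reply leaves on a different interface than the one the NAT delivered the request to (the client addresses 203.0.113.10 and 10.0.111.50 are constructed samples).

```python
"""Added example (not from the thread): which ISE interface does the reply use?"""
import ipaddress

# Route table exactly as posted in the thread (ISE CLI `show ip route`).
SHOW_IP_ROUTE = """\
Destination Gateway Iface
----------- ------- -----
10.0.97.0/28 0.0.0.0 eth0
10.0.111.0/24 10.0.97.1 eth0
10.0.111.128/25 10.0.97.1 eth0
169.254.4.0/24 0.0.0.0 podman2
192.168.99.0/24 10.0.97.1 eth0
172.16.11.0/28 0.0.0.0 eth1
default 172.16.11.1 eth1
169.254.2.0/24 0.0.0.0 podman1
169.254.6.0/24 0.0.0.0 podman3
"""


def parse_routes(text):
    """Return a list of (network, gateway, iface) tuples from the CLI output."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[0].startswith(("Dest", "---")):
            continue  # skip header and separator lines
        dest, gw, iface = parts
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest)
        routes.append((net, gw, iface))
    return routes


def egress_interface(routes, client_ip):
    """Longest-prefix match: the interface ISE uses to reply to client_ip."""
    ip = ipaddress.ip_address(client_ip)
    matches = [r for r in routes if ip in r[0]]
    best = max(matches, key=lambda r: r[0].prefixlen, default=None)
    return best[2] if best else None


def is_asymmetric(routes, client_ip, ingress_iface):
    """True when the reply leaves on a different interface than the request arrived on."""
    return egress_interface(routes, client_ip) != ingress_iface


if __name__ == "__main__":
    routes = parse_routes(SHOW_IP_ROUTE)
    # Constructed clients: one on the internet, one on the internal LAN behind eth0.
    for client in ("203.0.113.10", "10.0.111.50"):
        print(client, "reply via", egress_interface(routes, client),
              "asymmetric:", is_asymmetric(routes, client, "eth1"))
```

With this table an internet client is answered via eth1 (the default route), so the NATed DMZ path is symmetric; a test from an internal 10.0.111.x host arrives through the NAT on eth1 but is answered via eth0, which is the asymmetric case a stateful firewall will drop.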

wajidhassan
Level 4

Hi @mdieng,

Thanks for outlining the setup. Since Telnet to ports 443, 1812, and 1813 on the public IP is failing, please verify the following:

  1. NAT and Firewall Rules – Ensure NAT is properly translating the public IP to the DMZ interface and that firewall rules allow inbound traffic on these ports.

  2. ISE Interface Permissions – Confirm that GigabitEthernet1 (DMZ) is enabled for HTTPS and RADIUS services.

  3. Routing – Ensure the return traffic from ISE to the internet is routed via the correct gateway.

  4. Port Listening – On ISE, check that services are listening on the expected ports using netstat or similar.

Hopefully, these checks will help resolve the issue.

Thanks for the answer.

How do I verify port listening on ISE? The netstat command is not working on the ISE.

Below is the ISE service status.
