05-11-2018 07:52 AM
Hello,
I am configuring BYOD flow in my lab with the following details:
1) Wired scenario (the flow and everything was working well with previous version of ISE, so I assume the switch configuration is ok.
2) I have upgraded to ISE 2.4 and rebuilding the configuration there
3) My ISE is dual homed. Admin access on eth0, and RADIUS on eth1.
4) User is logging on guest portal with AD account and from there redirected to onboarding
5) I have enabled all the portals only on eth1
6) When I go through the flow I get to run the NSA portal fine, but then I have a message that I fail downloading the profile, and it seems that the problem is in setting up the https connection from the message I have on the client log file
I tried with IP address and FWDN in the redirection, and both have issues.
I have imported the root CA signing the ISE cert in the client trust store
The time client to ISE is in sync.
The PSN Certificates contains the FQDN and and IP address i the SAN.
Any idea on how to proceed?
Thanks
Solved! Go to Solution.
05-14-2018 02:34 AM
Hi Hslai,
thanks a lot.
At the end I found out that the problem was that my IE was configured to nly work with TLS 1.0 and not 1.1 or 1.2. Once I enabled them the profile was downloaded fine.
Thanks
05-11-2018 09:21 AM
I can think of two things you might try to get more info:
05-13-2018 07:26 PM
Please try restarting ISE services and trying it again. If it works, then it seems hitting CSCvj42833.
05-14-2018 02:34 AM
Hi Hslai,
thanks a lot.
At the end I found out that the problem was that my IE was configured to nly work with TLS 1.0 and not 1.1 or 1.2. Once I enabled them the profile was downloaded fine.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide