Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
943
Views
4
Helpful
3
Replies

Cisco ISE Deployment suggestion required

sachin.sg
Level 1
Level 1

‎12-13-2012 10:15 PM - edited ‎03-10-2019 07:53 PM

Require Assistance on Cisco ISE Deployment for below scenario

-- We have Three Cisco ISE Appliances and Client has taken Advance Subscription License for 500 users

-- Client has DC & DR and needs to deploy the Cisco ISE in one Main Office which connects to DC & DR on MPLS Links

-- Client suggestion was to deploy one ISE node ( Admin + M&T + Policy Server ) in DC and its Standby Secondary in DR

     and only deploy Policy Server in Main Office.

     Idea behind the design is that ,

     1) If DC fails , Cisco ISE related logs will get generated on DR and any Cisco ISE related request will be taken care by Local Policy Server in Main Office .

      2) If Local Policy Server Fails , then ISE node in DC will act as Secondary backup and DR will act Teritary Backup

      below is view

                                     DC

                        Primary Node with Role

                   [Admin , M&T , Policy Server]

                                                                                                             Main Remote Offic

                                                                                                              Cisco ISE Node ( Only Policy Server) -----------> Network Devices

                               DR

                       Secondary   Node with Role

                   [Admin , M&T , Policy Server]

Please let me know is it possible

Labels:
0 Helpful
3 Replies 3

Peter Koltl
Level 7
Level 7

‎12-15-2012 01:20 PM

Seems to be OK but you will have to add all 3 PSNs to your network devices as RADIUS servers.

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to Peter Koltl

‎12-16-2012 05:11 PM

I agree with Peter, your design looks fine. You will just have to add all PSNs to your NADs. You can potentially do a "poor's man solution of load balancing" by either making one of the PSNs primary for wired and the other primary for wirelesses. Or half of your NADs to have PSN 1 for primary and the other half would have PSN 2 for primary, etc.

Hope this helps...

Thanks for rating!

vikasyad
Level 1
Level 1

‎05-21-2013 03:54 PM

Yes, The scenario is quite achievable also please  review the below link for assistance on deployment of ISE.

http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_50_ise_deployment_tg.pdf

http://www.cisco.com/en/US/docs/security/ise/1.0/install_guide/ise10_deploy.pdf

0 Helpful
Customers Also Viewed These Support Documents