cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1265
Views
20
Helpful
9
Replies
Highlighted
Beginner

ISE Express - Public and Private interfaces

I am rolling out ISE Express for our public guest wifi and so far it's been great. My problem is that I would like our Support Center to be able to connect to a management address to make changes without having to first jump on the guest wifi network.

I have setup two Ethernet interfaces and the necessary routing. When I connect to the Gi0's IP address on the public wifi network I'm presented with the ISE management page. When I connect from my desk to the internal management address on Gi1 I get a message of "Oops. Something went wrong. Access is denied, please contact your administrator."

Any ideas?

9 REPLIES 9
Rising star

Admin GUI is only accessible

Admin GUI is only accessible from gig0, not any other interface. you need to move your guest to the other interface, and then use gig0 for your management.

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/installation_guide/b_ise_InstallationGuide20/Cisco_SNS_3400_Series_Appliance_Ports_Reference.html#ID-1420-00000011

Beginner

Re: Admin GUI is only accessible

Hello friend, 

 

I´m facing same issue and I confirmed that the interfaces's being accessed is int g0 so it discards your comment. Any precise help will be appreciated. 

 

Sincerely, 

 

Horton

Hall of Fame Master

Re: Admin GUI is only accessible

@Horton

 

Can you restate your issue with all the details?

 

Since you got on an old thread it is unclear whether or not your conditions are the same as the original poster.

Beginner

Re: Admin GUI is only accessible

Thanks for your reply and will to help. I just installed ISE 2.3 in VM
environment. It went off just fine and shows all services running as
should. I can ping it and ssh into it.

The problem I face right now is that GUI does not get up. I simultaneously
get the iE Chrome and Firefox message saying " *Oops. Something went wrong*
*Access is denied , please contact your administrator".*


*The interface I am using is default G0. Nothing else.*

*This is the config on my unit:*


*ISE/admin# sh runGenerating configuration...!hostname ISE!ip
domain-name horton.com <>!ipv6 enable!interface
GigabitEthernet 0 ip address 192.168.200.25 255.255.255.0 ipv6 address
autoconfig ipv6 enable!ip name-server 192.168.200.99!ip default-gateway
192.168.200.1!!clock timezone UTC!ntp server time.nist.gov
<>!max-ssh-sessions 5!service sshd
enable!password-policy lower-case-required upper-case-required
digit-required no-username no-previous-password
password-expiration-enabled password-expiration-days 45
password-expiration-warning 30 min-password-length 4
password-lock-enabled password-lock-timeout 15 password-lock-retry-count
3!logging loglevel 6!conn-limit 5 port 9061conn-limit 10 port 9060!cdp
timer 60cdp holdtime 180cdp run GigabitEthernet 0!icmp echo
on!ISE/admin#Thanks! *

Hall of Fame Master

Re: Admin GUI is only accessible

Is this a new installation?

 

Did you change the IP address after running setup the first time? If so, we have seen this sometimes where the default self-signed server certificate needs to be regenerated.

Beginner

Re: Admin GUI is only accessible

Marvin, thanks for your reply. The IP has been effectively changed with no
success. How to I regenerate the self-signed certificate from CLI, I was
looking on web but no positive.
Hall of Fame Master

Re: Admin GUI is only accessible

In the case of a brand new ISE you need to re-initialize the system.

 

application reset-config ise

It will give you the option to reset the certificate. 

Beginner

Re: Admin GUI is only accessible

@Marvin Rhoads Thank you very much for you instantaneous and impeccable help. That immediately cured my issue. Give you five mate.

Hall of Fame Master

Re: Admin GUI is only accessible

You're welcome. I'm glad it worked for you.

 

Thanks for the kind words.

 

p.s Don't forget to change that default 45 days cli password expiration. I've had that one bite me once or twice.