
Cisco ISE Deployment in Azure - Nightmare experience!

InfraISE2020
Level 1

Hi,

Has anyone been able to successfully deploy ISE in Azure using ExpressRoute from on-premise to the cloud?

We have had ISE running in Azure for about 3-4 months now and have noticed a large amount of fragmentation using EAP-TLS.

The Cisco guide suggests a fix has been applied in East Asia and West Central US; however, it's not been applied to UK South, where our VMs are located. We have also raised this with Microsoft support; however, they cannot tell us what fix this is or when it will be rolled out to our region.

We enquired about the "enable allow out-of-order-fragments" option; however, they said this could only be applied if the traffic is coming from the internet, not via ExpressRoute or VPN, which is obviously not going to work as we wouldn't send RADIUS traffic straight over the internet! Other requirements include deploying VMs in a brand-new empty subscription and deploying to a Dv4 VM; again, this is not possible as the VMs are already in use within an existing subscription.

It's incredibly frustrating as Cisco can't seem to provide much info on the workaround and Microsoft are just fobbing us off by saying that the information is from Cisco and not from them! 

I'd be grateful if other members on this forum have successfully deployed ISE in Azure with connectivity via ER or VPN and not seen the fragmentation issues when using EAP-TLS. 

TIA. 
