@John Bautista is ESP blocked between the peers (a packet capture will confirm this)?
192.100.0.0/16 is not a private network, I assume you meant a public network.
@John Bautista so on one side the encaps counters are increasing, are the decaps counters increasing on the other side? Provide the output of "show crypto ipsec sa" from both sides for comparison.
Is this static route correct? route Site_B 192.100.0.0 2...
@CCC3 only replacing the admin certificate requires the ISE application services to restart. Renewing the EAP authentication certificate will not require downtime.
@alliasneo1
What about the voice-domain permission pushed down to the NAD?
Your dot1x tx-period is not excessively long, so I would not expect the endpoint to time out waiting for a DHCP request. I've a customer also with Mitel phones and tx-per...