11-20-2014 02:24 PM - edited 07-05-2021 01:59 AM
Hi, I just tried to connect Cisco PI 2.1 to Cisco ISE 1.3, but it fails.
I read the release notes; only ISE 1.2 is supported.
But I was surprised that the SSL handshake fails (I have done a packet capture).
So PI 2.1 has not tried to connect to ISE 1.3 via API, because the connection fails at the SSL handshake stage.
Anyway, does anybody know if ISE 1.3 will be supported with PI 2.2 or a version of PI 2.1.x?
11-20-2014 03:51 PM
CPI 2.1.2 supports up to ISE 1.2. CPI 2.2 release date is scheduled for December 2014. Read below.
Table 4 Cisco Prime Infrastructure and Cisco Wireless Release Compatibility Matrix
12-02-2014 03:36 AM
Why doesn't the REST API communication in Prime 2.1 (2.1.0.0.87) support TLS? The platform itself seems to be able to handle TLS-DHE-RSA with AES-128-CBC-SHA. Why is it trying to use SSLv2?
This protocol is incompatible and very much outdated: http://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0.2C_2.0_and_3.0
Can this behavior be reconfigured in CLI or at least be allowed in ISE 1.3 to make a workaround until a working patch or upgrade is done? Could or should adding the Cisco Prime server as managed node in ISE circumvent the incompatibility?
12-02-2014 09:49 AM
You are right, I have not seen that in my trace. Cisco Prime 2.1 really tries SSLv2.
Also using PI Version Identifier 2.1.0.0.87.
If there is basic security implemented in the product, I think older, supported ISE versions (1.1 or 1.2) should not work either.
So it seems to be a bug, not an unsupported product matrix.
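
When reading a capture like the ones discussed in this thread, it helps to separate the record format of the ClientHello from the protocol version it offers, because an SSLv2-format hello can still offer SSLv3 or TLS 1.0 (RFC 5246, Appendix E.2). The Python sketch below is an added example, not part of the original posts and not Cisco code; the function name and the sample bytes are constructed for illustration.

```python
import struct

# Protocol version numbers as they appear on the wire.
VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def classify_client_hello(payload: bytes):
    """Return (record_format, offered_version) for the first client bytes.

    record_format is "sslv2", "tls" or "unknown"; offered_version is the
    highest version the client advertises (None when the format is unknown).
    """
    if len(payload) < 5:
        return ("unknown", None)
    # SSLv2 record: 2-byte length with the high bit set, message type 1
    # (CLIENT-HELLO), then the 2-byte version the client offers.
    if payload[0] & 0x80 and payload[2] == 0x01:
        (ver,) = struct.unpack("!H", payload[3:5])
        return ("sslv2", VERSIONS.get(ver, hex(ver)))
    # SSLv3/TLS record: type 0x16 (handshake), record version, 2-byte length,
    # handshake type 1 (ClientHello), 3-byte length, 2-byte client_version.
    if (len(payload) >= 11 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        (ver,) = struct.unpack("!H", payload[9:11])
        return ("tls", VERSIONS.get(ver, hex(ver)))
    return ("unknown", None)

# Constructed sample payloads (not taken from the capture in this thread).
CHALLENGE = "00 " * 16
SAMPLES = {
    # SSLv2 framing, offers only SSLv2, one SSLv2 cipher spec.
    "v2_pure": bytes.fromhex("80 1c 01 00 02 00 03 00 00 00 10 07 00 c0 " + CHALLENGE),
    # SSLv2 framing, but offers TLS 1.0 with TLS_RSA_WITH_AES_128_CBC_SHA.
    "v2_compat": bytes.fromhex("80 1c 01 03 01 00 03 00 00 00 10 00 00 2f " + CHALLENGE),
    # TLS record framing offering TLS 1.2 (truncated after client_version).
    "tls12": bytes.fromhex("16 03 01 00 2d 01 00 00 29 03 03"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_client_hello(data))
```

Feed it the first TCP payload bytes the client sends to the server port; a result of `("sslv2", "TLS 1.0")` means the hello uses the old framing while offering a newer protocol, which a server that refuses SSLv2-format hellos will still reject.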