I want to migrate our Guestwifi network into a new design and manage all users whether internal or Guest from ISE. Currently our NAC Server on a separate DMZ this NAC hosted with a public certificate only seen by Guestusers. The SSID is open and Guests simply click on a webpage Wireless Controller breaks off to the Srv Mrg>DMZ NAC Srv and the external cert appears with the login template and NAC acts as a DHCP Sever.
My plan is to remove the NAC Server, NAC Mrg (Clean Access Srg) and NAC Guest Server for Guests and replace with ISE, that way I can set a security policy separate from my BYOD & Corp Wireless network, I know with ISE you can integrate with Microsoft AD and load certs on user devices for internal users, however can I replace the NAC Server with a public certificate hosted on the ISE that act like a NAC server (i.e - can the ISE act like a NAC Srv) or does the ISE need to fetch a cert from a CA server. This will be difficult for me as I want them to access the external veri sign cert not a cert hosted internally from our CA Server?