02-05-2014 10:34 PM - edited 03-10-2019 09:21 PM
Hi everyone,
We have an ISE deployment using our internal domain for its FQDN (For example: ise01.private.local). We now want to use it for authenticating guest access and have noticed the redirection URL by default uses the FQDN of the ISE server.
This works fine for our corporate machines as we have our own internal CA and generated certificates. As we do not want certificate errors occurring for our guests, we need to use a public FQDN.
Are we best off changing the domain-name used by the ISE servers or is there a way to edit the redirection URL to use a custom domain?
I have heard suggestions that changing the domain-name is unsupported, but I can't find any other way.
Thanks,
Mark
02-06-2014 12:35 AM
Please follow the below discussion
02-06-2014 12:55 AM
Thanks Saurav.
Am I meant to be looking at different pages though?
Page 80 is about "Menu Options Available on Primary and Secondary Nodes" and page 241 is about the restore command. I can only find "Changing the Hostname or IP Address of a Standalone Cisco ISE Node" on page 89.
02-06-2014 02:58 AM
Well, it is highly not recommended. I would suggest a bare metal installation for this, and if changing the domain name is the only option, try opening a TAC case and coordinate with them.
02-06-2014 04:55 AM
Mark,
Do you already have a public FQDN pointing to your ISE? If so, let's assume that you are authenticating guests using CWA. First create a new Authorization Profile; under Common Tasks, select Web Redirection (CWA, DRW, MDM, NSP, CPP), choose the Authentication Method (in this case, CWA) and define the ACL to be used. Just below that, select Static IP/Host Name and enter the public FQDN that points to your ISE.
From here you can create an Authorization Policy to reference the profile you just created.
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
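An added example, not part of the thread or of any Cisco tooling: a small offline check of what a guest browser would complain about for a given redirect URL and portal certificate, covering the default internal-FQDN redirect and the static public hostname described in the answer above. The name `guest.example.com`, port 8443, the `/portal` path and the certificate dictionaries are constructed for illustration.

```python
from urllib.parse import urlsplit


def san_matches(hostname, pattern):
    """Match a hostname against one SAN dNSName entry.

    A '*' is honoured only as the entire leftmost label and covers
    exactly one label (RFC 6125 style).
    """
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Refuse wildcards such as '*.com' that would span a whole TLD.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def guest_cert_problems(redirect_url, cert):
    """Return the certificate errors an unmanaged guest device would hit."""
    host = urlsplit(redirect_url).hostname or ""
    problems = []
    if not any(san_matches(host, p) for p in cert["san_dns"]):
        problems.append("name-mismatch")
    if not cert["public_ca"]:
        # Guests do not have the internal CA in their trust store.
        problems.append("untrusted-issuer")
    return problems


# Constructed sample data (assumptions, not values from a real deployment).
INTERNAL_CERT = {"san_dns": ["ise01.private.local"], "public_ca": False}
PUBLIC_CERT = {"san_dns": ["guest.example.com"], "public_ca": True}
DEFAULT_URL = "https://ise01.private.local:8443/portal"  # redirect built from node FQDN
STATIC_URL = "https://guest.example.com:8443/portal"     # Static IP/Host Name set

if __name__ == "__main__":
    cases = [
        (DEFAULT_URL, INTERNAL_CERT),
        (STATIC_URL, INTERNAL_CERT),
        (STATIC_URL, PUBLIC_CERT),
    ]
    for url, cert in cases:
        print(url, guest_cert_problems(url, cert) or "ok")
```

The middle case shows why setting the static hostname is only half of the change: the portal also has to present a certificate that names the public FQDN and chains to a CA the guest devices trust.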
02-06-2014 02:30 PM
Outstanding Charles, thank you! Exactly what I was hoping for.