
Author Topic: New PSN spun up to drop guest wireless in DMZ  (Read 991 times)

Offline robalvarado

  • Cisco Newbie
  • Posts: 2
  • Reputation: 0
  • Certification: CCNA
New PSN spun up to drop guest wireless in DMZ
« on: May 31, 2017, 12:30:33 PM »
Hello guys,

I'm looking for help on solving an issue I'm having.  Full disclaimer: I have taken over our ISE environment and am, in short, the ISE Admin.  Also, the deployment happened prior to me joining my new company, so a lot of questions as to why this was deployed this way are basically pointless :)

So on to the discussion...  I have deployed a new PSN server in our DMZ environment so we can have guest wireless dropped in the DMZ, along with an anchor controller and DHCP server in the DMZ.  I have rules allowing the DMZ PSN server to talk to our internal DNS servers.

Prior to the DMZ PSN deployment we had two MNT nodes, two Admin nodes, and two PSN nodes, all of which are internal.  I'm using the same cert that the two internal PSN nodes are using; however, I'll want to change that because they have internal/private certs.  My idea is to use a public cert for the DMZ PSN and go from there, but I digress...

My issue is that when I connect to the test SSID on the anchor controller, I'm being redirected to the primary internal PSN server rather than the external DMZ PSN server. I have modified the ACL on the anchor controller to redirect web auths to the external DMZ PSN server.  My symptoms are similar to the post by Tomimma, "ISE 1.3: Guest Portal on distributed deployment. How can I choose a specific PSN", but I'm still having no luck.  I will be engaging TAC, but I felt someone here might be able to solve my issue before it gets to TAC.

Much appreciated,
-Robert

P.S. This is a great learning resource site!  Thank you for all the help!

Offline MC

  • Global Moderator
  • Cisco Guru
  • Posts: 373
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: New PSN spun up to drop guest wireless in DMZ
« Reply #1 on: June 01, 2017, 10:30:46 PM »
Hi Robert, on your guest SSID, what's the IP of the RADIUS server you have it pointing to? Please make sure it is pointing to the DMZ PSN only.

Offline robalvarado

Re: New PSN spun up to drop guest wireless in DMZ
« Reply #2 on: June 14, 2017, 12:19:25 PM »
So I finally figured out what was going on.  The Anchor and Internal controllers were rejecting the RADIUS key.  I deleted both the Anchor and Internal controller keys.  Then I deleted the NADs and re-added them.  It took me a while, but looking at the debugs sure helped :)

Thanks for the help guys!
« Last Edit: June 14, 2017, 12:26:07 PM by robalvarado »

Offline MC

Re: New PSN spun up to drop guest wireless in DMZ
« Reply #3 on: June 15, 2017, 11:16:03 PM »
Great. Simple enough. Glad it worked out, and thanks for the update.  ;)

 
