Lab Minutes Forum
Technical Discussion => Security => Topic started by: spark_rod on June 12, 2014, 06:14:09 PM
-
Hi, is it possible to change the guest portal url for cwa? The customer requirement is not to allow guest users to acccess the internal dns for which the ise nodes dns is in. They give the public dns and create another dns entry for ise nodes so when guest coonected to guest ssid they can resolve the fqdn using the public dns. Internal dns and public dns are different. Please advice if possible how to do it. Thanks
-
I don't think you can change the guest URL. If guest user will have access directly to ISE internal IP then you can just create duplicate DNS entry on the public DNS server (use public NAT IP as appropriate). Otherwise, you can try to use a second NIC on ISE PSN, put it on the network that guest can access like DMZ, give it a new IP, and create a corresponding DNS entries on public DNS server.
-
Hi MC,
Thanks for the reply.
The actual scenario is, the users will be given the 8.8.8.8 DNS once connected to Guest SSID. They have a public DNS which is hosted by the ISP and Internal DNS which is hosted internally. We have entry from internal dns for the ISE's. Are you suggesting to create same entry as the internal dns for ISE to the public DNS which is hosted by the ISP? Will the users with dns 8.8.8.8 can still access the guest portal? Please confirm.
Thanks
-
You can certainly do that as long as you use the same domain for both internal and external. The next question would be, how will you allow guest user to hit the ISE PSN node as part of the URL redirect (TCP/8443) assuming your PSN resides only in the internal network.