Hello guys,

I'm looking for help on solving an issue I'm having.  Full disclaimer: I have taken over our ISE environment and in short the ISE Admin.  Also, the deployment happend prior to me joining my new company so alot of questions as to why this was deployed this way is basically pointless

So on to the discussion...  I have deployed a new PSN server in our DMZ environment so we can have guest wireless dropped in the DMZ.  Along with a anchor controller, and dhcp server in the DMZ.  I have rules allowing the DMZ PSN server to talk to our Internal DNS servers. 

Prior to the DMZ PSN deployment we have two MNT nodes, to Admin Nodes, and two PSN nodes all of which are internal.  I'm using the same cert that the two internal PSN nodes are using however I'll want to change that because they have internal/private certs.  My idea is to use a public cert for the DMZ PSN and go from there but I digress...

My issue is when I connect to the test SSID on the anchor controller I'm being redirected to the primary internal PSN sever rather than the external DMZ PSN server. I have modify the ACL on the anchor contoller to redirect web auths to the external DMZ PSN server.  My symptons are similiar to the post by Tomimma  "ISE 1.3: Guest Portal on distributed deployment. How can I choose a specific PSN" but i'm still having no luck.  I will be engaging TAC but I felt someone here might be able to solve my issue before it gets to TAC.

Much appreciated,
-Robert

p.s. this is great learning resource site!  Thank you for all the help!

So I finally figured out what was going on.  The Anchor and Internal controller were rejecting the radius key.  I deleted both the Anchor and Internal controller key.  Then deleted the NAD's and re- added them.  It took me a while but looking at the debugs sure helped

Thanks for the help guys!