Cisco ISE is causing a denial-of-service effect on a MS DC
We are installing a PoC at a customer site and I have installed a Cisco ISE evaluation in a Vmware ESX environment.
I had only done a very basic configuration and joined the Cisco ISE to the domain. After a couple of days we got reports of a domain controller behaving very strange, customer could not logon to the DC and when sending a ping there where 50% packet loss.
Customer noticed that the Cisco ISE was very cpu intensive and was running at 100% and the same second the Cisco ISE appliance was reset, the domain controller started to respond again.
Well, that was kind of strange we thinked and believed it was just a coincident, but after some days again the same thing happened but on another DC, and we shutdown the ISE and all was good again.
Started up the Cisco ISE and removed it from the domain, it has not happened since then.
Because this is an evaluation version I have not managed to create a TAC case because they want a contract number and who has a contract number for an evaluation version.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...