Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISE Domain Name, Certificates and Guest Portal

Hi everyone,

We have an ISE deployment using our internal domain for its FQDN (For example: ise01.private.local). We now want to use it for authenticating guest access and have noticed the redirection URL by default uses the FQDN of the ISE server.

This works fine for our corporate machines as we have our own internal CA and generated certificates. As we do not want certificate errors occurring for our guests, we need to use a public FQDN.

Are we best off changing the domain-name used by the ISE servers or is there a way to edit the redirection URL to use a custom domain?

I have heard suggestions that changing the domain-name is unsupported, but I can't find any other way.

Thanks,
Mark

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE Domain Name, Certificates and Guest Portal

Mark,

Do you already have a public FQDN pointing to your ISE?  If so, let's assume that you are authenticating guests using CWA.  First creat a new Authorization Profile, under Common Tasks, select Web Redirection (CWA, DRW, MDM, NSP, CPP), Choose the Authentication Method (in this case, CWA) and define the ACL to be used.  Just below that, select Static IP/Host Name and enter the public FQDN that points to your ISE.

CWA_REDIRECT.GIF

From here you can create an Authorization Policy to reference the profile you just created.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

5 REPLIES

ISE Domain Name, Certificates and Guest Portal

Please follow the below discussion

https://supportforums.cisco.com/thread/2238211

New Member

ISE Domain Name, Certificates and Guest Portal

Thanks Saurav.

Am I meant to be looking at different pages though?

Page 80 is about "Menu Options Available on Primary and Secondary Nodes" and page 241 is about the restore command. I can only find "Changing the Hostname or IP Address of a Standalone Cisco ISE Node" on page 89.

Silver

ISE Domain Name, Certificates and Guest Portal

well it is highly not recommed i would suggest a bare metal intallation for this and if changing the domain name only option try opening a TAC cases and coordinate with them.

Cisco Employee

Re: ISE Domain Name, Certificates and Guest Portal

Mark,

Do you already have a public FQDN pointing to your ISE?  If so, let's assume that you are authenticating guests using CWA.  First creat a new Authorization Profile, under Common Tasks, select Web Redirection (CWA, DRW, MDM, NSP, CPP), Choose the Authentication Method (in this case, CWA) and define the ACL to be used.  Just below that, select Static IP/Host Name and enter the public FQDN that points to your ISE.

CWA_REDIRECT.GIF

From here you can create an Authorization Policy to reference the profile you just created.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

New Member

Re: ISE Domain Name, Certificates and Guest Portal

Outstanding Charles, thank you! Exactly what I was hoping for.

995
Views
0
Helpful
5
Replies
CreatePlease login to create content