
ISE Domain Name, Certificates and Guest Portal

Mark H
Level 1

Hi everyone,

We have an ISE deployment using our internal domain for its FQDN (For example: ise01.private.local). We now want to use it for authenticating guest access and have noticed the redirection URL by default uses the FQDN of the ISE server.

This works fine for our corporate machines as we have our own internal CA and generated certificates. As we do not want certificate errors occurring for our guests, we need to use a public FQDN.

Are we best off changing the domain-name used by the ISE servers or is there a way to edit the redirection URL to use a custom domain?

I have heard suggestions that changing the domain-name is unsupported, but I can't find any other way.

Thanks,
Mark

1 Accepted Solution

Charlie Moreton
Cisco Employee

Mark,

Do you already have a public FQDN pointing to your ISE?  If so, let's assume that you are authenticating guests using CWA.  First create a new Authorization Profile, under Common Tasks, select Web Redirection (CWA, DRW, MDM, NSP, CPP), choose the Authentication Method (in this case, CWA) and define the ACL to be used.  Just below that, select Static IP/Host Name and enter the public FQDN that points to your ISE.

CWA_REDIRECT.GIF

From here you can create an Authorization Policy to reference the profile you just created.

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton
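
A pre-check for the approach in the answer above, added here as an example (it is not part of the original thread and not Cisco tooling): it takes the redirect URL a guest would receive and the DNS names on the portal certificate, and lists why a guest browser would warn. The hostnames, port, URL path and suffix list are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Illustrative list of suffixes that are not delegated in public DNS, so a
# public CA cannot issue for them (".local" is the thread's example domain).
INTERNAL_SUFFIXES = (".local", ".internal", ".lan")


def san_matches(host, pattern):
    """RFC 6125-style match: '*' is only honoured as the whole left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_redirect(redirect_url, cert_dns_sans):
    """Return the reasons a guest browser would warn when following redirect_url."""
    parts = urlsplit(redirect_url)
    host = (parts.hostname or "").lower()
    problems = []
    if parts.scheme != "https":
        problems.append("redirect is not https")
    if is_ip_literal(host):
        problems.append("redirect uses an IP literal; DNS SANs cannot cover it")
    elif host.endswith(INTERNAL_SUFFIXES):
        problems.append(f"{host} is an internal-only name; no public CA will issue for it")
    if not any(san_matches(host, san) for san in cert_dns_sans):
        problems.append(f"{host} is not covered by the certificate SANs {cert_dns_sans}")
    return problems


# Constructed sample values (hostnames, port and URL path are assumptions).
INTERNAL_URL = "https://ise01.private.local:8443/portal/gateway?sessionId=EXAMPLE&action=cwa"
PUBLIC_URL = "https://guest.example.com:8443/portal/gateway?sessionId=EXAMPLE&action=cwa"
PUBLIC_CERT_SANS = ["guest.example.com"]

if __name__ == "__main__":
    for url in (INTERNAL_URL, PUBLIC_URL):
        print(url, "->", check_redirect(url, PUBLIC_CERT_SANS) or "OK")
```

An empty list means the static host name entered in the Authorization Profile is covered by the certificate names supplied; trust in the issuing CA still has to be confirmed from a guest device.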


5 Replies

Saurav Lodh
Level 7

Please follow the below discussion

https://supportforums.cisco.com/thread/2238211

Thanks Saurav.

Am I meant to be looking at different pages though?

Page 80 is about "Menu Options Available on Primary and Secondary Nodes" and page 241 is about the restore command. I can only find "Changing the Hostname or IP Address of a Standalone Cisco ISE Node" on page 89.

kaaftab
Level 4

Well, it is highly not recommended. I would suggest a bare metal installation for this, and if changing the domain name is the only option, try opening a TAC case and coordinate with them.

Outstanding Charles, thank you! Exactly what I was hoping for.
