cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1107
Views
0
Helpful
4
Replies

ISE GUI cannot login when Nat is used

miket
Level 5
Level 5

I can login into ISE GUI when I am in same subnet example if ISE was 172.16.100.10 and my laptop is 172.16.90.10 all is perfect when I nat it to get on the network I hit the GUI enter ID and Password and the screen just refreshes.

I cannot see anything wrong  I have a callmanager setup the same way and all is fine..

Any ideas????                  

4 Replies 4

Tarik Admani
VIP Alumni
VIP Alumni

Are you trying to hide the identity of the ise node by using a static nat rule? So when you try to access the ise using the natted address it doesn't respond?

Thanks,

Sent from Cisco Technical Support iPad App

Yes it is a static nat.. Cisco and IBM have an ISE demo lab so it is a private network  thats why NAT. I get to the web page and if I do not enter password I get a pop up saying password required.

If I put bad password or good the page just refreshes.

NCS works VSPHERE into a UCS no problems just the ISE gui,

Any thoughts how we can do this?

I checked the documentation and the only NAT restrictions I found was related to AD, however if you are inside the network and bypass NAT you can login via the real ip address. Do you have any ip restrictions set on the admin interface?

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_man_identities.html#wp1113953

thanks,

Tarik Admani
*Please rate helpful posts*

Thanks for quick replies I can get to it from any subnet that is a routable subnet to get to the ISE box  Once you get on the other side of the nat router it fails.. NCS works just tried. I dont think so but i will double check. So basically NAT looks to be the issue I had another guy check nat and it is so basic there is nothing interfering.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: