ISE - Loss of All Nodes in a Distributed Deployment, Recovery Using New IP Addresses and Hostnames
I have a question regarding ISE disaster recovery with same hostname and IP. For step 2, is it a must to generate a self signed cert? is it possible to use back to original N1 CA- signed certificate?
1. Obtain the N1 backup and restore it on N1A. See "Restoring Data from a Backup" sectionfor more information. The restore script will identify the hostname change and domain name change, and will update the hostname and domain name in the deployment configuration based on the current hostname.
The reason for asking to create a self signed cert is , the subject name of the certificate should match ISE node FQDN. If you import the N1 node CA- signed certificate, that certificate will have the hostname of N1 node as its subject name and it will not work.
So you have to create a self signed certificate or get a new CA signed certificate with subject name as N1A node FQDN.
Hope this clarifies the reason of self signed certificate.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :