Cisco Support Community

Cisco ISE IPN 3315 roll out?

Hi There,

I'm currently working on rolling out Cisco ISE appliances at our customer site. I've completed the core ISE PSN deployment and this is set up for monitoring only at the moment.

Our customer now wants to roll out 3315 appliances as Inline Posture Nodes (IPN) for their remote access solution.

Our customer deploys a Front-End (ASA) and a Back-End (FWSM) firewall solution in their remote access set-up infrastructure and also deploys a back-end firewall between each different network domain.

It has been decided to deploy the ISE IPN nodes between the Front-End and Back-End firewalls, which has been completed (physical cabling, VLAN set-up).

When we attempt to try and set up the ISE IPN nodes we can't even get past the basic build. The nodes fail to ping the default gateway or connect to the NTP servers. If I place my laptop on the same network I can ping the outside interface.

We have opened up the ACLs on the FWSM to permit traffic but came to the conclusion this would never work as the security level for the outside interface on the FWSM is set to zero.

So to try and get around this we set up another DMZ interface of the FWSM called ISE-TRUSTED, set the security level to 80 and allowed IP any any through for the IPN nodes, but the basic build set-up is still failing. We have also enabled icmp permit ISE-TRUSTED, and again, when I connect my laptop to this network I can ping the FWSM DMZ interface.

Has anyone come across this issue before or deployed IPN nodes in a similar set-up as outlined above? I've hit a brick wall with the deployment and now our customer is pushing for a resolution. Any help would be greatly appreciated.

Regards

Graham
