I'm currently working on rolling out Cisco ISE appliances at our customer site. I've completed the core ISE PSN deployment, and this is set up for monitoring only at the moment.
Our customer now wants to roll out 3315 appliances as Inline Posture Nodes (IPN) for their remote access solution.
Our customer deploys a Front-End (ASA) and a Back-End (FWSM) firewall solution in their remote access infrastructure and also deploys a back-end firewall between each different network domain.
It has been decided to deploy the ISE IPN nodes between the Front-End and Back-End firewalls, which has been completed (physical cabling, VLAN set-up).
When we attempt to set up the ISE IPN nodes, we can't even get past the basic build. The nodes fail to ping the default gateway or connect to the NTP servers. If I place my laptop on the same network, I can ping the outside interface.
We have opened up the ACLs on the FWSM to permit traffic, but came to the conclusion this would never work, as the security level for the outside interface on the FWSM is set to zero.
So to try and get around this, we set up another DMZ interface on the FWSM called ISE-TRUSTED, set the security level to 80 and allowed IP any any through for the IPN nodes, but the basic build set-up is still failing. We have also enabled icmp permit ISE-TRUSTED, and again, when I connect my laptop to this network, I can ping the FWSM DMZ interface.
Has anyone come across this issue before or deployed IPN nodes in a similar set-up to the one outlined above? I've hit a brick wall with the deployment, and now our customer is pushing for a resolution. Any help would be greatly appreciated.
I am currently unable to specify the "crypto keyring" command when configuring a VPN connection on my Cisco 2901 router.
The following licenses have been activated on my router: