Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1233
Views
0
Helpful
3
Replies

Cisco ISE 2.3 problem with proxy

Go to solution
beejrteek
Level 1
Level 1

‎10-14-2018 10:39 AM

Dear Friends,

I have SNS-3595 with ISE version 2.3 (patch 3). My Cisco ISE if want to have access to Internet it must going through Proxy.

Communication between Cisco ISE and Proxy working good. But I have error with information "Connection to the remote site has failed. Verify that the remote site is available and/or related ISE administration settings are correct."

I run TCP Dump and I see:

tcpdump.PNG

Alert with information that problem is with Protocol Version.

Can anybody explain me this problem ? Why it occured ? How can I resolve it?

 

Best regards

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
beejrteek
Level 1
Level 1
In response to Martin Kling

‎10-15-2018 01:21 AM

Dear Martin,

I found a document in which I read that TLS1.2 is supported from the version 2.4, earlier versions support only TLS1.0 and 1.1.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769

So, probably this is not a bug, but normal behaviour. Proxy has disabled support for TLS1.0, so I must request my client to enable it.

 

Thanks for your help! Best regards

 

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Martin Kling
Level 1
Level 1

‎10-15-2018 01:02 AM

Hi

Looks that you are hitting this bug: ISE uses TLS 1.0 when proxy configured and TLS 1.2 if no proxy configured (CSCvk10081)

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvk10081

Br,

CCIE #36669 (Security)
Cisco Fire Jumper
0 Helpful

Go to solution
beejrteek
Level 1
Level 1
In response to Martin Kling

‎10-15-2018 01:21 AM

Dear Martin,

I found a document in which I read that TLS1.2 is supported from the version 2.4, earlier versions support only TLS1.0 and 1.1.

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/release_notes/b_ise_24_rn.html#id_82769

So, probably this is not a bug, but normal behaviour. Proxy has disabled support for TLS1.0, so I must request my client to enable it.

 

Thanks for your help! Best regards

 

0 Helpful

Go to solution
Martin Kling
Level 1
Level 1
In response to beejrteek

‎10-15-2018 01:53 AM

Hi

Great that you have found a solution

 

Cisco has fixed the issue on 2.2 patch 11 (released in oct) which now support TLS 1.2. But the fix has not been released on 2.3 (at least not yet, last patch is sept)

Br,

CCIE #36669 (Security)
Cisco Fire Jumper
0 Helpful
Customers Also Viewed These Support Documents