06-07-2018 10:41 PM
Hi,
Table 2 in the installation guide 2.4 shows that MnT requires TCP/1521 for Oracle DB Listener.
But the picture on the same page, "Cisco ISE 2.4 Node Communication", shows that not MnT but PSN requires the port (PSN to PIP).
* There is no TCP/1521 communication from/to MnT.
Which really requires the port?
06-08-2018 07:41 AM
PIP stands for policy information point, such as AD/LDAP. In particular, ISE supports 5 flavors of ODBC sources, which include Oracle DB, and that data source may listen on either the default TCP/1521 or another port. Thus, the connections will be outbound from a PSN, with the data source listening on such a port, but not a PSN.
06-09-2018 12:00 AM
Thanks. I understand what the picture means.
* PSN --------> TCP/1521 on External Servers
However, I still want to know what Table 2 means.
Table 2 shows that not PSN but MnT has a TCP/1521 connection.
The connection (TCP/1521 on MnT -----> XXXX server) doesn't appear in the picture.
Is the connection really required for MnT operation? And what is the destination of the 1521 connection from MnT?
06-09-2018 08:56 AM
1521/TCP is inbound to MnT but not outbound from MnT. I think the picture on PAN -> MnT should replace tcp/1528 with tcp/1521.
06-10-2018 12:49 AM
Understood, thanks! The information is needed for an upstream firewall requirement. I'll forward the info to my customer.
06-17-2018 11:02 PM
Sorry for bothering you again, but I got a new question from my customer.
Could you tell me the purpose of the TCP/1521 connection from PAN to MnT?
They want to know why all interfaces on MnT must open the port, so they asked me the purpose of the TCP connection.
* The guide shows that not only g0/bond0 but also the others (g1-5/bond1-2) have to open the port.
06-20-2018 04:30 PM
You are correct that usually this is going PPAN (g0/bond0) -> MnT (g0/bond0). Table 2 shows it open but not actually used.
06-20-2018 08:37 PM
Thanks. Usually my customer and I refer to the port list when considering upstream firewall policy, so it would be great if we could find only the necessary TCP/UDP ports for correct ISE operation. Anyway, I'll pass the info on to my end customer.