Solved: ISE API Calls

vishrana · ‎04-25-2018

Hi all,

I am trying to make an API call to ISE 2.2 on port 443. The server from where I am making the call uses TLS1.0 for sending the Hello during the TLS handshake. ISE rejects the request and does not responds back.with server Hello.

I am able to make the same request to ISE from a different server using TLSv1.2 and it works as intended.

Can anybody confirm if ISE does not supports TLSv1.0 for SSL communication?

Craig Hyps · ‎04-25-2018

REST Monitoring calls are made to MNT node on 443, but ERS API calls must use the designated port of 9060 to PAN node. The TLS under ISE 2.2 Security Settings do not apply to ISE web service.

ISE admin portal supports TLS 1.1 and 1.2 since ISE 2.0.

View solution in original post

Arne Bier · ‎04-25-2018

Hi Vishal

What API calls are you making on port 443? I thought the ERS stuff was on TCP/9060 ?

To enable TLS 1.0 try this

Craig Hyps · ‎04-25-2018

REST Monitoring calls are made to MNT node on 443, but ERS API calls must use the designated port of 9060 to PAN node. The TLS under ISE 2.2 Security Settings do not apply to ISE web service.

ISE admin portal supports TLS 1.1 and 1.2 since ISE 2.0.

vishrana · ‎04-25-2018

Thanks chyps that is exactly what I wanted to confirm. "ISE admin portal supports TLS 1.1 and 1.2 since ISE 2.0"

I am not making ERS API calls.

I am making REST Monitoring calls to Mnt service (Standalone ISE node) on 443 to quarantine the endpoints by IP-address using the following API calls:

https://<primary_ise_node>/ise/eps/QuarantineByIP/{IP_Address}

vishrana · ‎04-25-2018

arne.bier Thanks for your quick response to my post.