F5, Cisco ISE and EAP-TLS

Question

Hi,&nbsp;
We are in the process of migrating our ISE infrastructure(AAA servers) from cisco ACE to F5.&nbsp;
We followed Craig Hyps document for the configuring F5 LB.
https://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-95-Cisco_and_F5_Deployment_Guide-ISE_Load_Balancing_Using_BIG-IP.pdf&nbsp;
All looks ok except EAP-TLS authentication. (PEAP user/computer works fine)&nbsp;
In the document there is nothing special mentioned that needs to be done for TLS.&nbsp;
I think it may be related to fragmentation but not sure.&nbsp;
I can also add here that if we point the NAD's to the PSN directly it works.&nbsp;
The problem is only when we use the VIP.&nbsp;
(PEAP work with the VIP also)&nbsp;
Do you know  if something special needs to be done on the F5 for EAP-TLS to work.&nbsp;
Any information or hint is appreciated.&nbsp;
Thanks,
Laszlo&nbsp;

boneyard · Answer

i see nowhere any remark about special requirement for EAP-TLS. 
https://devcentral.f5.com/s/feed/0D51T00006i7R56SAE

why do you suspect fragmentation is involved?

could you post your virtual server config?

gajena_221973 · Answer

Hi Guys,

I have a similar issue with TLS not working via VIP, did you able to solve this?

Thanks
Gaj

Forum Discussion

F5, Cisco ISE and EAP-TLS

2 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

F5 BIG-IP in Cisco ACI Multi-Site and Multi-Pod - Design Considerations

F5 BIG-IP Access Policy Manager (APM) - Idp integration - Cisco vManage

F5 BIGIP + Cisco Tetration: Application Centric Visibility

F5 and Cisco ACI Essentials: Automate automate automate !!!

Integrating SSL Orchestrator with Cisco WSA Virtual Edition