F5, Cisco ISE and EAP-TLS
Hi,
We are in the process of migrating our ISE infrastructure(AAA servers) from cisco ACE to F5.
We followed Craig Hyps document for the configuring F5 LB. https://www.cisco.com/c/dam/en/us/td/docs/security/ise/how_to/HowTo-95-Cisco_and_F5_Deployment_Guide-ISE_Load_Balancing_Using_BIG-IP.pdf
All looks ok except EAP-TLS authentication. (PEAP user/computer works fine)
In the document there is nothing special mentioned that needs to be done for TLS.
I think it may be related to fragmentation but not sure.
I can also add here that if we point the NAD's to the PSN directly it works.
The problem is only when we use the VIP.
(PEAP work with the VIP also)
Do you know if something special needs to be done on the F5 for EAP-TLS to work.
Any information or hint is appreciated.
Thanks, Laszlo