https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987312#M541157 <P>Hi All ,&nbsp;</P><P>&nbsp;</P><P>i have cisco ISE SSH VPN , posture scan i snot working .</P><P>&nbsp;</P><P>on Anyconnect Posture module&nbsp; showing '' No Policy Server Detected ''</P><P>&nbsp;</P><P>from the End-point -CMD , nslookup to the ISE server FQDN is showing timeout (Screenshot is attached )</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 21 Nov 2019 15:37:03 GMT aslam.bajwa 2019-11-21T15:37:03Z https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987312#M541157 <P>Hi All ,&nbsp;</P><P>&nbsp;</P><P>i have cisco ISE SSH VPN , posture scan i snot working .</P><P>&nbsp;</P><P>on Anyconnect Posture module&nbsp; showing '' No Policy Server Detected ''</P><P>&nbsp;</P><P>from the End-point -CMD , nslookup to the ISE server FQDN is showing timeout (Screenshot is attached )</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 21 Nov 2019 15:37:03 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987312#M541157 aslam.bajwa 2019-11-21T15:37:03Z https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987324#M541158 Hi,<BR />If you cannot resolve DNS names, are you pushing down a DACL which could be blocking DNS? Try without applying the DACL to the user session to determine if a DACL issue. Thu, 21 Nov 2019 15:46:09 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987324#M541158 Rob Ingram 2019-11-21T15:46:09Z https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987445#M541159 More than likely this is a dacl issue as already mentioned. You have options within ISE to statically set the ip in the authz profile that would help eliminate the name resolution issue as a connectivity test. Obviously your restricted area must be able to reach your ISE PSN that will be performing the posture checks. Something else you could try as a quick test is using your hosts file locally if you are running Windows to statically provide dns. As far as CoA things are concerned for applying different dacls etc. make sure that udp port 1700 is not blocked along the path between your NAD &amp; ISE OR for VPN between your ASA &amp; ISE. HTH! Thu, 21 Nov 2019 19:03:23 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987445#M541159 Mike.Cifelli 2019-11-21T19:03:23Z https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987933#M541160 <BLOCKQUOTE><HR /><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/833210">@Mike.Cifelli</a>&nbsp;wrote:<BR />More than likely this is a dacl issue as already mentioned. You have options within ISE to statically set the ip in the authz profile that would help eliminate the name resolution issue as a connectivity test. Obviously your restricted area must be able to reach your ISE PSN that will be performing the posture checks. Something else you could try as a quick test is using your hosts file locally if you are running Windows to statically provide dns. As far as CoA things are concerned for applying different dacls etc. make sure that udp port 1700 is not blocked along the path between your NAD &amp; ISE OR for VPN between your ASA &amp; ISE. HTH!<HR /></BLOCKQUOTE> <P>yes and also checked out the&nbsp;<A href="https://cs.co/ise-guides" target="_blank">https://cs.co/ise-guides</A></P> <P>in particular the one titled&nbsp;<A title="ISE Posture Prescriptive Deployment Guide" href="https://community.cisco.com/t5/security-documents/ise-posture-prescriptive-deployment-guide/ta-p/3680273" target="_blank" rel="noopener">ISE Posture Prescriptive Deployment Guide</A></P> <P>If still having issues please work through tac</P> Fri, 22 Nov 2019 15:14:52 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-vpn-posture-notworking/m-p/3987933#M541160 Jason Kunst 2019-11-22T15:14:52Z