cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2683
Views
0
Helpful
3
Replies
Contributor

No policy server detected

Hi Experts,

In my quest to integrate the third party vendors switches with ISE, I have not started working with the Juniper switches.

The specs are as follows,
Juniper 4200EX with JunOS 15.1R7.8 integrating with ISE ver 2.3

AnyConnect 4.5.04.029

The initial testing of user with machine certificate is working as expected.

When I put in the posture check conditions to check on the endpoint, I see that after sometime of scanning, AnyConnect gives the message that its not able to detect the policy server.

Policy:

Juniper Policy.JPG

The interface is just configured for dot1x and there are no ACL or anything being applied.

The endpoint is able to reach the ISE server.

 

What am I missing here?

Is this an expected behavior since I have not pushed any ACLs?

 

Any pointers much appreciated.

Everyone's tags (3)
3 REPLIES 3
Contributor

Re: No policy server detected

Can you please share the live logs of the device with issues? And the Log detail page from the passed or failed auth for that device. 

Cisco Employee

Re: No policy server detected

Make sure to configure ISE Posture profile not to rely on the switch for redirect. More info, see 

ISE Posture Style Comparison for Pre and Post 2.2 - Cisco

Please consider engage Cisco TAC to troubleshoot.

Highlighted
Contributor

Re: No policy server detected

I added the IP address and DNS name of the ISE PSN in the call home list in the ISEPostureCFG.xml file. Restarted AnyConnect and then was able to get to the ISE server and run posture checks.

But, then this should not be the right way of resolving this issue, right?aruba

Everyone's tags (3)