Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7951
Views
10
Helpful
15
Replies

ISE 2.6 ACL-Redirection-Less Posture

Go to solution
ISEduo
Level 1
Level 1

‎06-07-2020 04:12 AM - edited ‎06-07-2020 04:15 AM

HI All,

 

I am configuring ISE 2.6 posture with the "acl-redirection-less way". Meaning I am using the "call-home" functionality. I have already configured the ISE part with the minimum required config. And I have specified all my PSN FQDN in the Call-home field on the endpoint. I do not use the discovery host field.

 

But it does not work. The Posture module are writing "Searching for Policy servers" and after 30 seconds "No Policy servers are detected".

 

The output from DART shows "Not Reachable" for enroll.cisco.com. Both ISE PSN and enroll.cisco.com are resolvable and reachable from the client side. The Client Provisioning portal are reachable from the client side. Even trough the Portal is writing "Unable to detect Anyconnect Posture Agent" after login. Could this be related to the main problem?

 

What can course this problem?

 

 

The output from DART shows

 

\negasonic_mr30.297045120452\negasonic_mr3\posture\ise\libnaccommon\httpconnection.cpp Line: 814 Level: debug Failed to retrieve http header X-ISE-PDP-WITH-SESSION.
2020/06/05 13:01:53 [Error] aciseagent Function: Target::parsePostureStatusResponse Thread Id: 0x4B44 File: c:\temp\build\thehoff\negasonic_mr30.297045120452\negasonic_mr3\posture\ise\libnaccommon\target.cpp Line: 328 Level: error Headend is empty. Possibly, content is not in the form 'X-ISE-PDP'..
2020/06/05 13:01:53 [Information] aciseagent Function: Target::Probe Thread Id: 0x4B44 File: c:\temp\build\thehoff\negasonic_mr30.297045120452\negasonic_mr3\posture\ise\libnaccommon\target.cpp Line: 201 Level: debug Status of Ng-Discovery target ise.acmecorp.net with path /auth/ng-discovery is 5 <Invalid server.>.

2020/06/05 15:21:07 [Information] aciseagent Function: Target::Probe Thread Id: 0x30B8 File: c:\temp\build\thehoff\negasonic_mr30.297045120452\negasonic_mr3\posture\ise\libnaccommon\target.cpp Line: 201 Level: debug Status of Redirection target gwip is 6 <Not Reachable.>.

2020/06/05 15:21:07 [Information] aciseagent Function: Target::Probe Thread Id: 0x1AC8 File: c:\temp\build\thehoff\negasonic_mr30.297045120452\negasonic_mr3\posture\ise\libnaccommon\target.cpp Line: 201 Level: debug Status of Redirection target enroll.cisco.com is 6 <Not Reachable.>.

2020/06/05 15:21:15 [Information] aciseagent Function: Target::Probe Thread Id: 0x8E0 File: c:\temp\build\thehoff\negasonic_mr30.297045120452\negasonic_mr3\posture\ise\libnaccommon\target.cpp Line: 201 Level: debug Status of Ng-Discovery target enroll.cisco.com with path /auth/ng-discovery is 6 <Not Reachable.>.

 

 

1 person had this problem
0 Helpful
15 Replies 15

Go to solution
LY YIHEANG
Level 1
Level 1
In response to ISEduo

‎07-14-2023 09:54 PM

Hi team,

You mean you add PSN FQDN to call home list?. Can we use Wilcard ? *.domain.com

 

Thank you

0 Helpful
Customers Also Viewed These Support Documents