
ISE No Policy Server Detected error

Hi,

Please help me remediate this annoying issue that many users are seeing on their AnyConnect (no policy server). I am not sure where the issue is, and TAC is also not being helpful.

Configuration:

ISE V 2.0 Patch 4

ISE discovery host IP is set to one of the PAN nodes 10.X.32.112

ASA V 9.4

AnyConnect 4.7

Compliance Module 3.6.X

Observation: The issue is fixed after the PC reboots.

Note #1: We started seeing this after making split tunnel changes due to Corona. Earlier there was no split tunnel; now everything is split. The split ACL type is tunnel specified; we only tunnel RFC 1918 and the enroll.cisco.com IP.

Note #2: We also have the Zscaler proxy app on PCs; sometimes (not all the time) the issue seems to be resolved when we quit the app.

Redirect ACL on ASA
access-list REDIRECT remark permit DC1 PSN's and VIP
access-list REDIRECT extended deny ip any host X.X.X.61
access-list REDIRECT extended deny ip any host X.X.32.112
access-list REDIRECT extended deny ip any host X.X.32.113
access-list REDIRECT extended deny ip any host X.X.32.114
access-list REDIRECT extended deny ip any host X.X.32.115
access-list REDIRECT extended deny ip any host X.X.32.116
access-list REDIRECT remark permit DC2 PSNs and VIP
access-list REDIRECT extended deny ip any host X.X.X.61
access-list REDIRECT extended deny ip any host X.X.32.112
access-list REDIRECT extended deny ip any host X.X.32.113
access-list REDIRECT extended deny ip any host X.X.32.114
access-list REDIRECT extended deny ip any host X.X.32.115
access-list REDIRECT extended deny ip any host X.X.32.116
access-list REDIRECT remark permit DC3 PSNs and VIP
access-list REDIRECT extended deny ip any host X.X.X.61
access-list REDIRECT extended deny ip any host X.X.32.110
access-list REDIRECT extended deny ip any host X.X.32.111
access-list REDIRECT extended deny ip any host X.X.32.112
access-list REDIRECT extended deny ip any host X.X.32.113
access-list REDIRECT extended deny ip any host X.X.32.114
access-list REDIRECT extended deny ip any host X.X.32.115
access-list REDIRECT extended deny ip any host X.X.32.116
access-list REDIRECT extended deny udp any any eq domain
access-list REDIRECT extended permit ip any any

 

Your help would be very much appreciated.

Thanks.

Atif


Re: ISE No Policy Server Detected error

You said the issue seems to be fixed after a reboot. Try doing a packet capture after the reboot and see whether traffic to the ISE server is going through or not. I'd let that packet capture run until the issue has come back. Check the capture and see if there is an application that blocks it.
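
An added example, not written by either poster and not Cisco code: a Python check that reads a subset of the REDIRECT ACL from the question with first-match semantics and reports which destinations are redirected and which entries are duplicated. It assumes the usual redirect-ACL reading (permit = redirect to ISE, deny = bypass) and that the masked X.X.32.112 entry is the discovery host 10.X.32.112 named in the question; X.X.99.99 is a constructed non-PSN address.

```python
import re
from collections import Counter

# Subset of the REDIRECT ACL from the question (addresses masked with X as posted).
ACL = """\
access-list REDIRECT remark permit DC1 PSN's and VIP
access-list REDIRECT extended deny ip any host X.X.X.61
access-list REDIRECT extended deny ip any host X.X.32.112
access-list REDIRECT extended deny ip any host X.X.32.113
access-list REDIRECT remark permit DC2 PSNs and VIP
access-list REDIRECT extended deny ip any host X.X.X.61
access-list REDIRECT extended deny ip any host X.X.32.112
access-list REDIRECT extended deny udp any any eq domain
access-list REDIRECT extended permit ip any any
"""

ACE = re.compile(r"access-list \S+ extended (permit|deny) (\S+) any "
                 r"(?:host (\S+)|any)(?: eq (\S+))?$")

def parse(text):
    """Return ACEs as (action, proto, dst_host, port) tuples; remarks are skipped."""
    matches = (ACE.match(line.strip()) for line in text.splitlines())
    return [m.groups() for m in matches if m]

def decision(aces, proto, dst, port=None):
    """First matching ACE wins. Assumed redirect-ACL meaning:
    permit = redirect to ISE, deny = bypass redirection."""
    for action, p, host, eq in aces:
        if p not in ("ip", proto):
            continue                      # protocol does not match this ACE
        if host is not None and host != dst:
            continue                      # ACE is for a different destination
        if eq is not None and eq != port:
            continue                      # ACE is for a different port
        return "redirect" if action == "permit" else "bypass"
    return "bypass"  # implicit deny at the end of the ACL

def duplicates(aces):
    """ACEs that appear more than once; the later copies are never reached."""
    return [ace for ace, n in Counter(aces).items() if n > 1]

if __name__ == "__main__":
    aces = parse(ACL)
    print(decision(aces, "tcp", "X.X.32.112", "www"))  # assumed discovery host
    print(decision(aces, "tcp", "X.X.99.99", "www"))   # constructed address
    print(duplicates(aces))
```

On this subset the assumed discovery host address comes back as bypass, so HTTP probes sent to it would not be redirected by this ACL, and the repeated PSN/VIP entries show up as duplicates.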
