dgaikwad
Contributor

No policy server detected

Hi Experts,

In my quest to integrate third-party vendors' switches with ISE, I have not started working with the Juniper switches.

The specs are as follows,
Juniper 4200EX with JunOS 15.1R7.8 integrating with ISE ver 2.3

AnyConnect 4.5.04.029

The initial testing of user with machine certificate is working as expected.

When I put in the posture check conditions to check on the endpoint, I see that after some time of scanning, AnyConnect gives the message that it's not able to detect the policy server.

Policy:

[Screenshot: Juniper Policy.JPG]

The interface is just configured for dot1x and there are no ACL or anything being applied.

The endpoint is able to reach the ISE server.

 

What am I missing here?

Is this an expected behavior since I have not pushed any ACLs?

 

Any pointers much appreciated.

3 REPLIES
Cory Peterson
Contributor

Can you please share the live logs of the device with issues? And the Log detail page from the passed or failed auth for that device. 

hslai
Cisco Employee

Make sure to configure the ISE Posture profile not to rely on the switch for redirect. For more info, see ISE Posture Style Comparison for Pre and Post 2.2 - Cisco.

Please consider engaging Cisco TAC to troubleshoot.

I added the IP address and DNS name of the ISE PSN in the call home list in the ISEPostureCFG.xml file. Restarted AnyConnect and then was able to get to the ISE server and run posture checks.

But, then this should not be the right way of resolving this issue, right?
