cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
4773
Views
0
Helpful
3
Replies

No policy server detected

dgaikwad
Level 5
Level 5

Hi Experts,

In my quest to integrate the third party vendors switches with ISE, I have not started working with the Juniper switches.

The specs are as follows,
Juniper 4200EX with JunOS 15.1R7.8 integrating with ISE ver 2.3

AnyConnect 4.5.04.029

The initial testing of user with machine certificate is working as expected.

When I put in the posture check conditions to check on the endpoint, I see that after sometime of scanning, AnyConnect gives the message that its not able to detect the policy server.

Policy:

Juniper Policy.JPG

The interface is just configured for dot1x and there are no ACL or anything being applied.

The endpoint is able to reach the ISE server.

 

What am I missing here?

Is this an expected behavior since I have not pushed any ACLs?

 

Any pointers much appreciated.

3 Replies 3

Cory Peterson
Level 5
Level 5

Can you please share the live logs of the device with issues? And the Log detail page from the passed or failed auth for that device. 

hslai
Cisco Employee
Cisco Employee

Make sure to configure ISE Posture profile not to rely on the switch for redirect. More info, see 

ISE Posture Style Comparison for Pre and Post 2.2 - Cisco

Please consider engage Cisco TAC to troubleshoot.

I added the IP address and DNS name of the ISE PSN in the call home list in the ISEPostureCFG.xml file. Restarted AnyConnect and then was able to get to the ISE server and run posture checks.

But, then this should not be the right way of resolving this issue, right?aruba

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: