ā11-02-2018 01:40 AM
Hi Experts,
In my quest to integrate the third party vendors switches with ISE, I have not started working with the Juniper switches.
The specs are as follows,
Juniper 4200EX with JunOS 15.1R7.8 integrating with ISE ver 2.3
AnyConnect 4.5.04.029
The initial testing of user with machine certificate is working as expected.
When I put in the posture check conditions to check on the endpoint, I see that after sometime of scanning, AnyConnect gives the message that its not able to detect the policy server.
Policy:
The interface is just configured for dot1x and there are no ACL or anything being applied.
The endpoint is able to reach the ISE server.
What am I missing here?
Is this an expected behavior since I have not pushed any ACLs?
Any pointers much appreciated.
ā11-02-2018 04:41 AM
Can you please share the live logs of the device with issues? And the Log detail page from the passed or failed auth for that device.
ā11-02-2018 07:22 AM
Make sure to configure ISE Posture profile not to rely on the switch for redirect. More info, see
ISE Posture Style Comparison for Pre and Post 2.2 - Cisco
Please consider engage Cisco TAC to troubleshoot.
ā11-04-2018 11:23 PM
I added the IP address and DNS name of the ISE PSN in the call home list in the ISEPostureCFG.xml file. Restarted AnyConnect and then was able to get to the ISE server and run posture checks.
But, then this should not be the right way of resolving this issue, right?aruba
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide