I have requirement like this:
1. i want to make call using voip apps in mobile phone to internal extention via Internal SIP Server . In order to accomplished this i have to established VPN connection to internal subnet using Juniper SA SSL VPN.
2. my client requirement : junos pulse is always maintain vpn connection to SA, so user from internal can call extention to user using mobil phone( andorid/iphone/blackberry) and vice versa anytime.
The result is : we can make call to internal ext. using mobile phone and vice versa, from internal IP phone can call ext. in user's mobile phone. But if the mobile phone is idle or it's screen-off then junos pulse seems like disconnect to SA (we cannot ping IP address of junos pulse in mobile phone). But when we activate the mobile phone/ not idle junos pulse wiil run automatically to connect to SA and can make call again (we can ping the ip address of junos pulse on mobile phone).
Is it normally for junos pulse on mobile phone? because my client want to keep session from junos pulse to SA even when mobile phone is idle/screen-off. So user internal can anytime making call to user mobile using junos pulse and voip apps.
as far as i know L3 full-vpn access to SA this time only supported for iphone, andorid in some puduct only, but not in blackberry.
Hope anyone can give me solution for this.
AFAIK, the VPN tunnel should not be disconnected to the SA from your phones unless it reaches the max session time for a particular user configured on the role (On SA) OR until the user reaches the "idle timeout" value set on the role on SA.
VPN session breaking when the screen-off is mostly likely to be ignored as I clearly dont see any reason as to why the VPN tunnel would get disconnected for a screen-off on the phone - unless you have some third party application running on your phone which kills the running process when the screen turns-off.
However, I think the possible cause would be the phone being idle - May I know how long does a user sits idle to see this problem?
You can try to play around with the "Idle timeout" value and the "Max session time / length" on the IVE under Role > General > Session options.
Hope the above helps.
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks
We noticed this same bahvior. As soon as the device is locked the tunnel will close. Usually within about 5 seconds. When you unlock the device the tunnel is re-established. It's very consistant on Android using Pulse Mobile 3.2. It's a bit more random when using an ios device and Pulse Mobile 3.0. Sometimes Pulse will still show as connected once you unlock the device but the SA doesn't show that the user has an IP assigned, and won't re-establish the tunnel until you try and send some packets through it.
We tested different session settings but couldn't get the tunnel to remain connected once the device was locked.
It would be good if there was an option to keep the tunnel running.
If I'm not mistaken most cell phones will disable the wireless radio when the device is asleep in order to save battery life.