In the "Junos Pulse Administration Guide" discussed:
"With Wi-Fi connectivity, Pulse reconnects the VPN tunnel automatically when the user wakes up the device. With 3G connectivity, the VPN reconnects when the user generates some network traffic using an application like Safari or Mail."
I have tested the Wi-Fi connectivity with Junos Pulse and work fine, but I don't achieve that the VPN tunnel reconnect automatically. When the IPhone is blocked, wifi is disconnected and the session is ended in SA automatically. After IPhone wakes up, I see in the Junos Pulse menu that it's trying to reconnect (Reasserting), but finally I receive the next message: "VPN Connection Failed. Failed to negotiate with the server".
We have authentication with digital certificate. Anybody have tested this functionality?
Do you see another authentication attempt when on Wi-Fi?
Are you able to test with username and password to see if a difference in behavior is observed?
I tested with username/password and it didn't work.
I have observed that when IPhone is blocked, wifi go down and SA receive a session ended, but the user continue in the "Active Users" tab, but this user lost "Network Connect IP" and "NC Transport Mode" value.
Wifi session return correctly, but Junos Pulse doesn't return automatically and I have to launch the connection manually.
In the Iphone's log can see these errors.
session.info disconnecting from ive sslvpn.lab.ss with reason 6
ncphandler.error NCP disconnect failed, error 57
I have continued doing tests.
I have seen that if I turn off the "mobile data" in the Network menu of the IPhone (IOS 4.1), the Junos Pulse reconnect correctly. I've checked that wifi session is manteined in the Access Point and Junos Pulse session is down in SA. When the IPhone is waked up, the Junos Pulse session is reconnect automatically.
However, if I have Mobile Data active in the Network Menu of the IPhone, I've checked that wifi session is lost in the Access Point when IPhone is blocked. When the Iphone is waked up, the wifi session returns, but I see in the Access Point how the IP of the IPhone change between the wifi IP and the 3G IP.À?À?À?
Then, I think that there is a problem with the switching between 3G connection and Wifi connection.
ÀAnybody has the same problem?
Roaming is enabled. But SA isn't received different IPs. AP receives different IP. The WLAN IP and 3G IP. Seems that IPhone manages bad the change beetween 3G and Wifi.
Unfortunately, I am not sure on that one.
It is possible it is being handled poorly by the iOS and would need to be handled by Apple; it could be that Pulse or the SA is not handling something correctly as well.
At this point you may want to open a case with JTAC to work with them to try and determine where the failure is located.