Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Lost in Juniper Network Connect Config... Please Help

JGillTech_
Occasional Contributor
‎11-01-2010 12:35:PM
‎11-01-2010 12:35:PM

Lost in Juniper Network Connect Config... Please Help

In the process of setting up Network Connect. I setup the resource policy with the appropriate IP range... but I am stuck on the network settings (system >> network >> network connect). There are two options... the first is IP address filter. I just specified the IP address range on the resource policy. What's this? The next which I am even more confused about is Network Connect Server IP Address. I would think that the IP address of my appliance would go here.... but it says "Be careful to choose an IP other than your IVE external/internal IPs. For the the record, I am setup without an external port. My internal port is connected directly to my public network, which are all public IPs. The IPs I will be assigning via Network Connect are public IP addresses as well.

Here is a snapshot of my network topology:

External Firewall ---> VLANs with External IP address --> VPN VLAN ---> Juniper SSL (internal port)

I don't see a reason to use the external... not sure where the use of the external port would be applicable.

0 Kudos
5 REPLIES 5
rcallanan_
Contributor
‎11-02-2010 09:29:AM
‎11-02-2010 09:29:AM

Re: Lost in Juniper Network Connect Config... Please Help

In a simple setup like yours, your IP filter would probably just match what you configured in your resource policy. In multiple appliance/site configurations, the filter is one way to break apart which appliances can assign which addresses.

As for the external port, many environments require that web traffic only enter the network in a particular segment, and would prefer that both their VPN clients and rewritten traffic from the IVE don't reside in that zone. But for simple implementations you can certainly just one-arm the appliance.

0 Kudos
JGillTech_
Occasional Contributor
‎11-02-2010 09:55:AM
‎11-02-2010 09:55:AM

Re: Lost in Juniper Network Connect Config... Please Help

Thanks, that makes sense. How about the Network Connect Server IP address? What is the function of this IP and how is it related to Network Connect?

0 Kudos
muttbarker_
Valued Contributor
‎11-02-2010 11:08:AM
‎11-02-2010 11:08:AM

Re: Lost in Juniper Network Connect Config... Please Help

This is an "internal address" that is used by the NC process and has nothing to do with client side IP's. Hence the need to make sure it is not part of your address pool. It is an address that the NC process uses to communicate and hand out addresses to the clients.

Best to leave the default address in place.

0 Kudos
JGillTech_
Occasional Contributor
‎11-02-2010 11:10:AM
‎11-02-2010 11:10:AM

Re: Lost in Juniper Network Connect Config... Please Help

Best to leave the default of 10.200.200.200 in place? I saw another configuration that used the next IP in sequence... so it went 10.10.10.2 for the appliance, 10.10.10.3 for the NC server, and the NC IP address range was 10.10.10.4-100. Is there any traffic that is routed between the NC server interface and the internal LAN?

0 Kudos
muttbarker_
Valued Contributor
‎11-02-2010 11:28:AM
‎11-02-2010 11:28:AM

Re: Lost in Juniper Network Connect Config... Please Help

Yes - leave it in place - here is the exact statement from the admin guide -

"Specifying the Network Connect Server IP Address The server-side Network Connect process uses the server IP address to communicate with enterprise resources. NOTE: Only change the Network Connect server IP address when instructed to do so by the Juniper Networks Support team."
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.