cancel
Showing results for 
Search instead for 
Did you mean: 

Netconnect Always On

Les_G_
Occasional Contributor

Netconnect Always On

We would like have users auito logon to VPN and I was wondering if there is a way to enable always on/auto logon with netconnect client like other IPSec/SSL clients?

Thanks.

7 REPLIES 7
zanyterp_
Respected Contributor

Re: Netconnect Always On

as kita said, not with network connect, but this can be achieved with pulse.

Kita_
Valued Contributor

Re: Netconnect Always On

Network connect has the GINA plug-in that integrates with windows credential provider.  This allows you to log-on via your cache credentials and create a tunnel during the log-in process.  Pulse has additional features for machine authentication that allow you to create a tunnel when the machine boots before winlogon or after winlogon.

RadiusWorldwide_
Occasional Contributor

Re: Netconnect Always On

Sorry for dragging this out, but I'm having trouble configureing exactly that using the Pulse client. I want to pass on the cached Windows credentials. However, Pulse should not try to connect when the laptop has no internet connection or is on the corporate LAN. Ticked the "At user logon" and at least the client steps in after I provided my Windows credentials but it says "No log on sevrer available" when I have no internet connection, well duh.. of course not, hehe. When I'm on the LAN it asks me for proxy credentials.

 

So how can I configure this Always-On? I'd be happy if someone could point me to a knowledgebase article or something like that since I cannot find anything useful unfortunately.

 

Edit: Got the Always-on function working based on endpoint IP. Still Pulse won't take over the AD Windows cached credentials. Arg. Any common pitfalls?

Kita_
Valued Contributor

Re: Netconnect Always On

At the user logon (Credential provider) will attempt to create the tunnel first, then connect to the domain controller. If you have no internet connectivity, then this scenario will not work. If you will be using cached credentials, then you can configure Pulse to start the connection manually or use the always option once the end user has logged into the desktop.
RadiusWorldwide_
Occasional Contributor

Re: Netconnect Always On

I got it almost working now. If I'm connected to the company LAN or have no connection the Junos Pulse starts but does nothing. As soon as I have an internet connection the tunnel is built. So the always-on works. 

So do I get it right, that if I'm not able to connect via VPN directly at the log on but later instead, that I'm then not able to pass on the user credentials of the currently logged on user? I think I get at least the user account name right, since I see it when Pulse pops up in the domain synthax DOMAIN\username. But the password is missing. I wonder if there's a workaround to get the password filled out as well. Is it maybe stored somewhere in encrypted form?

lyndidon_
Contributor

Re: Netconnect Always On

Do't know why Juniper thought centering the comments was a great job but the again...allowpwd.png

This may be what you are looking for. Or do you want the Secure Access Service to cash the password?

 

http://kb.pulsesecure.net/InfoCenter/index?page=content&id=KB25846&actp=search&viewlocale=en_US&sear...

Kita_
Valued Contributor

Re: Netconnect Always On

If you are simply looking to start the vpn tunnel automatically when the end user reaches the desktop, you can use the "Automatically after user signs into the desktop". You can use the "allow save credentials" so the end user can cache the credential within the Pulse client. Once this is completed, the end user will have a vpn tunnel created every time they reach the desktop.