We would like have users auito logon to VPN and I was wondering if there is a way to enable always on/auto logon with netconnect client like other IPSec/SSL clients?
Network connect has the GINA plug-in that integrates with windows credential provider. This allows you to log-on via your cache credentials and create a tunnel during the log-in process. Pulse has additional features for machine authentication that allow you to create a tunnel when the machine boots before winlogon or after winlogon.
Sorry for dragging this out, but I'm having trouble configureing exactly that using the Pulse client. I want to pass on the cached Windows credentials. However, Pulse should not try to connect when the laptop has no internet connection or is on the corporate LAN. Ticked the "At user logon" and at least the client steps in after I provided my Windows credentials but it says "No log on sevrer available" when I have no internet connection, well duh.. of course not, hehe. When I'm on the LAN it asks me for proxy credentials.
So how can I configure this Always-On? I'd be happy if someone could point me to a knowledgebase article or something like that since I cannot find anything useful unfortunately.
Edit: Got the Always-on function working based on endpoint IP. Still Pulse won't take over the AD Windows cached credentials. Arg. Any common pitfalls?
I got it almost working now. If I'm connected to the company LAN or have no connection the Junos Pulse starts but does nothing. As soon as I have an internet connection the tunnel is built. So the always-on works.
So do I get it right, that if I'm not able to connect via VPN directly at the log on but later instead, that I'm then not able to pass on the user credentials of the currently logged on user? I think I get at least the user account name right, since I see it when Pulse pops up in the domain synthax DOMAIN\username. But the password is missing. I wonder if there's a workaround to get the password filled out as well. Is it maybe stored somewhere in encrypted form?
Do't know why Juniper thought centering the comments was a great job but the again...
This may be what you are looking for. Or do you want the Secure Access Service to cash the password?