
Network Connect Problems

ramez_
Not applicable

I'm running Juniper Network Connect 6.4 on Snow Leopard. I've already applied the fix to get the software to run. The problem I'm having is that while it's running, my computer does not appear to recognize I'm connected. For instance, if I try to access sites that are IP restricted it will not let me access them. The IT people at my university don't seem to know what to do. If I look at what IP address my browser thinks I'm on, it's the one that is assigned through my ISP. Here's what ifconfig looks like:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether d4:9a:20:d4:bb:ae
media: autoselect status: inactive
supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,flow-control> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,flow-control> 100baseTX <full-duplex,hw-loopback> 1000baseT <full-duplex> 1000baseT <full-duplex,flow-control> 1000baseT <full-duplex,hw-loopback>
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet6 fe80::d69a:20ff:fe78:55d3%en1 prefixlen 64 scopeid 0x5
inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
ether d4:9a:20:78:55:d3
media: autoselect status: active
supported media: autoselect
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 192.168.245.1 netmask 0xffffff00 broadcast 192.168.245.255
ether 00:50:56:c0:00:01
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 172.16.182.1 netmask 0xffffff00 broadcast 172.16.182.255
ether 00:50:56:c0:00:08
jnc0: flags=841<UP,RUNNING,SIMPLEX> mtu 1400
inet 10.65.4.7 netmask 0xffffffff
open (pid 21083)
jnc1: flags=841<UP,RUNNING,SIMPLEX> mtu 1450
closed

You can see the Juniper connection is being made to an IP address that should allow me access.
I also tried this on my virtual machine. I have VMware Fusion with XP as my guest. If I run ipconfig -all, here's the output while using NAT:

Windows IP Configuration

Host Name . . . . . . . . . . . . : ramez-f7026bbc0
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : localdomain
utk.edu

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter

Physical Address. . . . . . . . . : D4-9A-20-78-55-D3
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.182.131
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.182.2
DHCP Server . . . . . . . . . . . : 172.16.182.254
DNS Servers . . . . . . . . . . . : 172.16.182.2
Lease Obtained. . . . . . . . . . : Sunday, March 21, 2010 12:04:28 PM
Lease Expires . . . . . . . . . . : Sunday, March 21, 2010 12:34:28 PM

Ethernet adapter Network Connect Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Juniper Network Connect Virtual Adap
ter
Physical Address. . . . . . . . . : 00-FF-08-D0-6E-89
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.65.4.18
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 10.200.200.200
DNS Servers . . . . . . . . . . . : 160.36.0.66
160.36.128.66
Primary WINS Server . . . . . . . : 160.36.0.68
Lease Obtained. . . . . . . . . . : Sunday, March 21, 2010 11:01:12 AM
Lease Expires . . . . . . . . . . : Sunday, March 28, 2010 11:01:12 AM



I used Network Connect Troubleshooting. Here are the tests that failed:

Under AMD PCNET Family PCI Ethernet Adapter:

The ping of the DHCP Server

Under Juniper Network Connect Virtual Adapter:

The ping of the DHCP Server and the DNS Servers

Is this what the problem is? There is also a program installed called Windows Secure Application Manager, but I cannot seem to use the program to add any applications. There is one application I need to use that has a license server that checks IP addresses. The one assigned while running Network Connect would be valid. I just can't figure out how to tell my machine to use it.

Many thanks in advance.

3 REPLIES
kmaybe_
Occasional Contributor

Re: Network Connect Problems

This sounds like a configuration issue on the SSL VPN device.

From your description, it would appear that Split Tunneling mode is configured on the SA for your Network Connect access. Otherwise, all of the traffic would be forced through the NC tunnel and your browser would not detect your IP address as the one assigned to your local LAN adapter.

It sounds like a configuration issue on the SA where you are getting assigned an IP address from a pool that cannot route traffic to the internal network's DNS servers. If Network Connect cannot ping the DNS servers that have been assigned to your connection then this will cause NC tunneled DNS queries to fail and since your ISP DNS servers cannot locate servers that are within the corporate network, you won't be able to access NC resources because the DNS is going to fail.

I would let the helpdesk know specifically that the DNS servers being assigned for the Network Connect connection are not reachable. Maybe they need to assign a different IP address range, or specify different DNS servers.

Also, they should check that the server you need access to via NC is defined in the Split Tunneling resource list as well as in the Network Connect ACL list in the Network Connect Connection Profile.

rvi_
Occasional Contributor

Re: Network Connect Problems

Windows Secure Application Manager is a TDI driver and works ONLY for supported Windows OS

azpcox_
Occasional Contributor

Re: Network Connect Problems

Your ifconfig output looks correct. Once connected via Network Connect on the Mac, you'll see the "new" jnc0 interface up with the SA assigned IP address (from your pool or DHCP relay server). That appears to happen fine. It does sound like a combination of split tunneling and Network Connect Access Control lists for the particular Role you are getting assigned. Check those policies to make sure the traffic you are "missing" is actually allowed outbound in the first place.

PC
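
The split-tunneling behaviour described in the replies from kmaybe_ and azpcox_, as an added example that is not part of the original thread: a longest-prefix route lookup showing which hosts leave through jnc0 and which fall back to the ISP path on en1. The interface names, the jnc0/en1 addresses and the DNS server addresses are taken from the posted output; the split-tunnel resource lists, the 10.65.4.0/24 pool and the license server address (a documentation-range placeholder) are assumptions.

```python
import ipaddress

# DNS servers pushed to the Network Connect adapter (from the ipconfig output).
DNS_SERVERS = ["160.36.0.66", "160.36.128.66"]
# Placeholder for the IP-restricted license server (TEST-NET-3, constructed).
LICENSE_SERVER = "203.0.113.10"


def build_routes(split_tunnel_resources):
    """Routing table of a split-tunnel client: only listed networks use jnc0."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "en1"),       # default route via the ISP
        (ipaddress.ip_network("192.168.1.0/24"), "en1"),  # local LAN from ifconfig
        (ipaddress.ip_network("10.65.4.7/32"), "jnc0"),   # tunnel address, /32 host route
    ]
    routes += [(ipaddress.ip_network(r), "jnc0") for r in split_tunnel_resources]
    return routes


def egress_interface(routes, destination):
    """Longest-prefix match: the most specific route containing the address wins."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, ifc) for net, ifc in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def hosts_bypassing_tunnel(split_tunnel_resources, required_hosts):
    """Return the required hosts whose traffic would not enter the tunnel."""
    routes = build_routes(split_tunnel_resources)
    return [h for h in required_hosts if egress_interface(routes, h) != "jnc0"]


if __name__ == "__main__":
    required = DNS_SERVERS + [LICENSE_SERVER]
    # Constructed case 1: resource list covers only the assumed address pool.
    print("bypass:", hosts_bypassing_tunnel(["10.65.4.0/24"], required))
    # Constructed case 2: resource list also covers DNS and the license server.
    full = ["10.65.4.0/24", "160.36.0.0/16", "203.0.113.10/32"]
    print("bypass:", hosts_bypassing_tunnel(full, required))
```

Any host reported as bypassing the tunnel is reached from the ISP-assigned address, which is why an IP-restricted service sees the wrong source even though jnc0 is up.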