cancel
Showing results for 
Search instead for 
Did you mean: 

Network Connect - just found this problem - help!

Occasional Contributor

Network Connect - just found this problem - help!

So I create an NC Resource Policy. For example I just want to give users access to say 192.168.1.0/24 on port 3389.

Ok, so i create the access policy (tcp://192.168.1.0/24:3389)


Next, I create the NC Connection Profile in which I create the dhcp pool & enter the dns settings for NC users, so they can connect to hosts in the 192.168.1.0/24 by name. I also create the NC Server side config, containing the NC Server IP Address.

Finally, I create the Split Tunneling Policy, where I add the 192.168.1.0/24

This all works.

What is baffling me is that users are able to create a terminal services connection to our two DNS servers (192.168.10.10/11), which I configured in the NC Connection profile. These servers are clearly not in the 192.168.1.x/24 subnet.

Could anyone tell me why this is happening?

Much appreciated.

3 REPLIES 3
Occasional Contributor

Re: Network Connect - just found this problem - help!

Can you see what you see in the client routing-table?

Ron

Highlighted
Frequent Contributor

Re: Network Connect - just found this problem - help!

A trace route from client computer (NC client) will tell if the traffic to DNS servers is reaching out to the IVE and then getting forwarded.

Respected Contributor

Re: Network Connect - just found this problem - help!

On the DNS configuration, do you have the option to auto-allow DNS enabled? That option allows this behavior.

Do the users map to any other roles that have different ACLs applied?