Network Connect - just found this problem - help!

knobbynoo_ · ‎10-01-2010

So I create an NC Resource Policy. For example I just want to give users access to say 192.168.1.0/24 on port 3389.

Ok, so i create the access policy (tcp://192.168.1.0/24:3389)

Next, I create the NC Connection Profile in which I create the dhcp pool & enter the dns settings for NC users, so they can connect to hosts in the 192.168.1.0/24 by name. I also create the NC Server side config, containing the NC Server IP Address.

Finally, I create the Split Tunneling Policy, where I add the 192.168.1.0/24

This all works.

What is baffling me is that users are able to create a terminal services connection to our two DNS servers (192.168.10.10/11), which I configured in the NC Connection profile. These servers are clearly not in the 192.168.1.x/24 subnet.

Could anyone tell me why this is happening?

Much appreciated.

rfrederick_ · ‎10-03-2010

Can you see what you see in the client routing-table?

Ron

RKB_ · ‎10-03-2010

A trace route from client computer (NC client) will tell if the traffic to DNS servers is reaching out to the IVE and then getting forwarded.

zanyterp_ · ‎10-07-2010

On the DNS configuration, do you have the option to auto-allow DNS enabled? That option allows this behavior.

Do the users map to any other roles that have different ACLs applied?

Network Connect - just found this problem - help!

Network Connect - just found this problem - help!

Re: Network Connect - just found this problem - help!

Re: Network Connect - just found this problem - help!

Re: Network Connect - just found this problem - help!