Has anyone had any success in allowing two NC (or Pulse) Clients to talk to each other via the Secure Access?
I have a need for teleworkers to be able to call each other on soft phones. I've tried including the VPN Client address range in the split-tunneling options (for traffic to send down the tunnel), but this doesn't seem to work.
Currently my work-around is to configure the PABX to force all traffic from my remote user network region to be hair-pinned back to the media gateway, but this will not work for point-to-point video calls.
If anyone from Juniper is reading this, consider this post an enhancement request : )
Good question! I've noticed this, too. I've never tested to see if it happens only to sessions in the same subnet or it happens with any two sessions on the same machine.
Also, I've noticed that you cannot establish an administrative session to a device you are tunneled to, even if you do so through a different interface and different DNS name. I think a ping to the device also fails.
I've never understood either of these phenomena.
My NC ACL allows all traffic, and my Split-Tunneling Networks allow the Client's LAN, and the subnet used to allocate NC addresses to clients.
I don't want direct access between clients; I still want their traffic to be tunnelled, but I don't think this is supported somehow (the SA doesn't seem to route between clients).
You are correct, the SA won't route between the NC clients; they will need to go out through the network. What does a TCP dump on all 3 interfaces (both NC clients and then the internal port of the IVE) show?