Hi Dan,

After NC connected, in IE > Options > connection setting we should see instantproxy.pac file. Do you see this file?

Also, VPN tunnel configured in split tunnel enabled or disabled?

I did a quick check in lab,

MAG2600

7.1R4.1

Pulse 2.1R2

Network Connect Connection Profiles > Proxy Server Settings, I set manual proxy

Role > Network connect > VPN tunneling option I set to Split tunnel disable

After I establish VPN tunnel, I could see that all my IE internet traffic flow via mentioned proxy setting.

Thanks,

Suresh

I do not see that in IE settings. I wonder if this is an issue with the version of pulse or the IVE I am running? I have a test box I can load an updated IVE on but any other recomendations would be appreciated.

thanks,

Dan

Ok Dan....I hope we will have more information when you have the lab setup and test results.

Just a couple quick notes -

I just tested in in my lab environment which is setup almost identical to my production and I have the same issue. I will be updating the IVE and Pulse client to see if that resolves it.

As far as split tunnel - The connection profile I use for network connect/pulse is used for full and split tunnel connections. I have different roles in place to access different network resources. Basically if a user is not on a corporate network it is full tunnel and if they are on a corporate network it is split tunnel to specific network segments. I will update as I learn more.

Thanks,

Dan

Update -

I configured my test environment similar to yours:

SA6500

7.1R4.1 (build 19525)

Pulse 2.1R4

I set the manual proxy in the network connect connection profile, and utilized 1 role that has split tunnel disabled. Unfortunately I have the same results, it does not modify the internet explorer proxy settings. What version of IE are you testing with? I am currently testing with IE 8

thanks,

Dan

1 more update -

If I switch to the network connect client instead of the pulse client it works. Does this not work with the pulse client?

Thanks,

Dan

Hi Dan,

I'm using IE 8 (32bit) and Windows 7 Professional (32bit).

> Does this not work with the pulse client?

Please open Jtac case to get this investigated further.

Thanks,

Suresh

Update -

ok, I actually found the problem. This works fine in Windows XP 32bit but the OS I am having issues with is Windows 7 x64. I ran procmon while connecting and discovered the dsAccessService.exe is trying to write the instantproxy.pac to C:\Users\Administrator\AppData\Roaming\Juniper Networks\instantproxy.pac instead of the logged in user's temp directory. This would cause it to fail as the logged in user will not have access to that directory. Any idea why it is trying to write to the administrator profile instead of the logged in profile? The only reason I can think of is because dsAccessService.exe is running as SYSTEM but this is the case in Windows XP also but it still writes to the logged in user's profile. I am going to open a case but wanted to update this thread also incase others run into this problem or if anyone has any workarounds. I am continuing to troubleshoot this and will update with more info as available.

Thanks,

Dan

are you running this as an admin or standard user with the juniper installer service?