Re: Pulse Secure 5.2.6 / Windows 7 Basic Routes

stewartbrianm · ‎02-12-2017

I use Pulse Secure with a predefined configuration for a work VPN connection, and I would like to know if it's possible to set up a static route such that traffic to some destination goes through the VPN and traffic to some other destination does not.

For example, if my work-related traffic is all bound for 111.111.111.0/24, I only want traffic destined for 111.111.111.0/24 to go through the VPN.
I want all other traffic to not go through the VPN.

It looks like Pulse Secure establishes several routes, one being for 0.0.0.0 with a mask of 0.0.0.0 (all IPv4 addresses), with a metric of 1.
With a previous VPN client, I was able to create static routes such that 0.0.0.0/0 had a metric of (for example) 50 for the VPN and 40 for one of my other interfaces, so traffic preferred the other (non VPN) interface. For the actual VPN functionality, I was able to add another static route for 111.111.111.0/24 with a metric of 30 bound to the VPN interface.

The end result was that traffic bound for 111.111.111.0/24 went through the VPN and all other traffic did not go through the VPN.

When I try to do this with Pulse Secure, it doesn't seem to work. I am able to change the metric on the route that Pulse Secure creates (by default it's metric 1 for 0.0.0.0/0), but I can't actually get out on my other interfaces unless I disconnect or suspend. Is there some way to configure this the way I need it?

Thanks

zanyterp · ‎02-12-2017

That is something you will need to work out with your admin
The rules in place on your access prevent those changes from being made & applying

manum · ‎02-22-2017

Hello,

This can be configured in split tunneling rules on the gateway itself.

When you will launch the VPN you will have routes for the networks you have autorized and only this traffic will be routed in the tunnel.

Regards.