cancel
Showing results for 
Search instead for 
Did you mean: 

Route propagation from Pulse Connect Secure to Client Software

New Member

Route propagation from Pulse Connect Secure to Client Software

Can anyone point me to a document that describes this process? I have a MAG 2600 with a couple VLANs installed on the inside interface of the VPN concentrator. One VLAN (the native one) is a /26 and the mask is propagated to my local host when I connect to that user profile. The other VLAN is a /27, but the mask is set to a /32... and the network is treated as if it were a /24 along the regular class C boundry. Are there debugging tools within Pulse Connect Secure? or the Pulse client to monitor this?

 

Example:

Network is 192.168.100.96/27. I'm assigned an address from the pool properly, let's say that I get 192.168.100.103. If I look at the ifconfig from that address assignment I see it as 192.168.100.103/32. If I try to connect to anything outside of the natural /24 to say 192.168.105.1, the routing works fine. If I try to connect to 192.168.100.1, the connection fails and the default router is not accessed (I monitor the interface of the router to see this).. 

2 REPLIES 2
Highlighted
Frequent Contributor

Re: Route propagation from Pulse Connect Secure to Client Software

Are the native VLAN (/26) and other VLAN (/27) using the same IP address space?

i.e. 192.168.100.96

 

From my understanding, /32 masked IP addresses will be handed out to the clients, if the assigned tunnel IP address is in a different subnet as the Internal port of the VPN server.

 

Traffic from the client machine (sourced from 192.168.100.103) will reach the tunnel interface (10.200.200.200 - default) and passed along to the Internal port for forwarding.

 

> Are you able to reach 192.168.100.1 from the Internal port?

> Since you're using VLANs, I can safely presume that the Internal port is connected to a tagged/trunk interface and the user roles are mapped with appropriate VLANs under the Source IP/VLAN option on the user roles, correct?

> The router (192.168.100.1) which you are trying access, is it the default gateway of the VPN server?

 

Moderator

Re: Route propagation from Pulse Connect Secure to Client Software

Is 192.168.100.1 in the ACL that you have defined for the role?
Is there a route to that on the internal network?
Does the internal network have a route from 192.168.100.1 to 192.168.100.103 through the appliance internal interface?