A PC running Network Connect can be contacted by a network host within the secured network. For example, I just did a traceroute from my PC (inside the network) to a NC user's address. Here is the output -

Tracing route to 10.179.202.16 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 10.34.8.6
2 21 ms 21 ms 21 ms 10.49.245.1
3 22 ms 21 ms 21 ms 10.0.8.10
4 23 ms 23 ms 21 ms 10.179.4.115
5 89 ms 104 ms 98 ms 10.179.202.16

Trace complete.

In this instance, 10.179.4.115 is the address of my SA, and 10.179.202.16 is the address assigned to the NC session.

Yes, we do this all the time with PCAnywhere.

Couple thoughts..

Is the machine running any kind of software firewall that could be blocking inbound connections ?

Can you ping the pc from the inside ?

Thanks.

I had logged a call with Juniper TAC and they said it was not possible, so after getting these replies, i dug deeper.

I assume the Juniper FWs add routes statically cos the remote PC was able to ping a server on the LAN using NC, but i wasnt able to ping from the server to the remote PC.

I added a static route to get to the NC subnet via the SSL device and it came up.

I was thrown by the fact that the return traffic from the remote PC WASNT routed out the default gw despite the fact that their were no routes for the NC connect subnet to go via the SSL.