Routing on interfaces

sabeel_93
New Contributor

Hi,

I am working for a company who has implemented a Pulse Secure solution, but they have default routes on all three interfaces. The set-up is working fine, but I am struggling to understand why it's working and was wondering if Pulse maybe prefers the external interface as its default route. If anybody has any ideas, please let me know.

Best Regards,

Sabeel

r@yElr3y
Moderator

Re: Routing on interfaces

@sabeel_93 It's basically a virtual routing instance, i.e., each interface has its own route table rather than sharing the same one, so if an external client connects to the VPN they'd end up on the external interface and reply traffic will be sent using the same.

The VPN server will always use the Internal port for sourcing other types of traffic like DNS, etc., which can be configured to other interfaces as well.

PCS Expert
Pulse Connect Secure Certified Expert
sabeel_93
New Contributor

Re: Routing on interfaces

Hi,

Thank you for your reply. Do you have any links to a document that describes this, or maybe a link with a diagram?

I understand that the clients are given private IPs by the Pulse from its pool - these packets coming from the clients will still come from the external interface and then will need to go to the internal interface to get to applications and resources within our DC. How does it know that the traffic received from one interface needs to be passed to another?

Best Regards,

Sabeel

zanyterp
Moderator

Re: Routing on interfaces

Connectivity from the VPN clients to the internal network will source from the assigned IP; the route needs to point to the internal port of the PCS appliance in order to route traffic successfully.
You should not see sourcing from the external port of the appliance to internal resources.
r@yElr3y
Moderator

Re: Routing on interfaces

@sabeel_93 Traffic received over the external traffic would be encrypted, hence after decrypting the payload, the VPN server will find it destined to the internal resource and sourced from the client's private/tunnel IP address, then the VPN server will use the internal port's route to forward the traffic.

Client public IP >> (encrypted data - tunnel mode) >> VPN public IP - external port >> (decrypts the data) >> (actual IP packet destined to internal resource) >> VPN server forwards the traffic to next hop based on the Internal port's route.

PCS Expert
Pulse Connect Secure Certified Expert
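
The forwarding behaviour described in the replies above, as an added example that is not part of the original thread and is not Pulse Secure's code: a simplified Python model of one route table per interface, showing why three default routes do not conflict. The interface names follow the thread; every address, route, traffic label and function name is constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from a real appliance): one route table per
# interface, each carrying its own default route, as in the thread.
ROUTE_TABLES = {
    "external":   [("0.0.0.0/0", "203.0.113.1")],
    "internal":   [("10.20.0.0/16", "10.10.0.254"), ("0.0.0.0/0", "10.10.0.1")],
    "management": [("0.0.0.0/0", "192.168.50.1")],
}

def lookup(table, dst):
    """Longest-prefix match inside a single interface's route table."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in ROUTE_TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    if best is None:
        raise LookupError(f"no route to {dst} in table {table!r}")
    return best[1]

def select_route(kind, dst, arrived_on=None):
    """Return (egress interface, next hop) for a packet leaving the gateway.

    kind (hypothetical labels):
      "reply"     - answer to a connection; leaves via the interface it came in on
      "tunnel"    - decrypted client payload, sourced from the pool/tunnel IP
      "appliance" - traffic the gateway originates itself (e.g. DNS); the thread
                    says this uses the internal port unless configured otherwise
    """
    if kind == "reply":
        if arrived_on not in ROUTE_TABLES:
            raise ValueError("reply traffic needs a known ingress interface")
        table = arrived_on
    elif kind in ("tunnel", "appliance"):
        table = "internal"
    else:
        raise ValueError(f"unknown traffic kind: {kind}")
    return table, lookup(table, dst)

if __name__ == "__main__":
    # Encrypted reply to a remote client goes back out the external port.
    print(select_route("reply", "198.51.100.7", arrived_on="external"))
    # Decrypted payload for a data-centre host follows the internal table.
    print(select_route("tunnel", "10.20.5.9"))
```

Because each lookup is confined to one table, the external default route is never a candidate for decrypted tunnel traffic, which matches the statement above that internal resources should not see traffic sourced from the external port.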