cancel
Showing results for 
Search instead for 
Did you mean: 

SSL Client traffic flow

Occasional Contributor

SSL Client traffic flow

Hi All,

 

Could anybody do tell me how pulse handles traffic of SSL VPN when connected with pulse client in terms of flow from client to VPN accessable resource( DHCP pool has been configured with a range different from PCS network )

 

PCS IP - 192.168.1.1

SSL tunnel DHCP  pool - 10.10.10.1- 10.10.10.10

 

so when vpn client gets ip from 10.x.x.x series where PCS will forward this traffic wether it do from NAT or forward without NAT if so to which destination.

 

and also what will be flow for reverse path????

 

Pls he

5 REPLIES
Highlighted
Super Contributor

Re: SSL Client traffic flow

Not sure I follow the question so apologies if this is not the answer you are looking for.

 

The PCS does not do any nat at all.

 

The address pool will need to be routed to the pcs interface.  The dhcp addresses will be on the clients and this will be the source address of traffic.  So the return traffic has to come from the internal infratstucture to the pcs to reach the clients.

 

On the client side routing is controlled by your split tunnel settings.

 

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP) - http://puluka.com/home
ruc
Pulser

Re: SSL Client traffic flow

Hi - Assuming you are using the L3 VPN tunnel mode once the packet reaches a PCS gateway from the a VPN client it is decrypted and the orignal application packet is extracted from the ESP payload and forwarded to the backend resource without any further NAT so the IP assigned to the client from the DHCP pool is what will appear as source IP in the packet

 

 

New Member

Re: SSL Client traffic flow

Is there any way to NAT or proxy the traffic of the Client users with Internal interface of the PCS ??

Super Contributor

Re: SSL Client traffic flow

There are no nat or proxy abilities on the pcs for layer 3 connect traffic.  You have to assign an address pool for the connected users and these pool addresses will be what is used by the pulse secure connected devices for internal access.

 

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP) - http://puluka.com/home
Occasional Contributor

Re: SSL Client traffic flow

As I tested in the live scenarios, PCS will create a P2P tunnel for VPN users traffic and straightforwardly push that to gateway we assigned on PCS.

 

So for getting reverse traffic, you should have proper routing for VPN users IP subnet in your internal network.

 

Also, there is no option of natting VPN users traffic to pulse interface IP as a lot of VPN solutions support that.