Could anybody tell me how Pulse handles SSL VPN traffic when connected with the Pulse client, in terms of the flow from the client to a VPN-accessible resource? (The DHCP pool has been configured with a range different from the PCS network.)
PCS IP - 192.168.1.1
SSL tunnel DHCP pool - 10.10.10.1 - 10.10.10.10
So when the VPN client gets an IP from the 10.x.x.x series, where will the PCS forward this traffic? Does it NAT it or forward it without NAT, and if so, to which destination?
And also, what will be the flow for the reverse path?
Not sure I follow the question, so apologies if this is not the answer you are looking for.
The PCS does not do any NAT at all.
The address pool will need to be routed to the PCS interface. The DHCP addresses will be on the clients and this will be the source address of traffic. So the return traffic has to come from the internal infrastructure to the PCS to reach the clients.
On the client side, routing is controlled by your split tunnel settings.
Hi - Assuming you are using the L3 VPN tunnel mode, once the packet reaches a PCS gateway from a VPN client it is decrypted, and the original application packet is extracted from the ESP payload and forwarded to the backend resource without any further NAT, so the IP assigned to the client from the DHCP pool is what will appear as the source IP in the packet.
There are no NAT or proxy abilities on the PCS for layer 3 connect traffic. You have to assign an address pool for the connected users and these pool addresses will be what is used by the Pulse Secure connected devices for internal access.
As I tested in the live scenarios, PCS will create a P2P tunnel for VPN users' traffic and straightforwardly push that to the gateway we assigned on PCS.
So for getting reverse traffic, you should have proper routing for the VPN users' IP subnet in your internal network.
Also, there is no option of NATing VPN users' traffic to the Pulse interface IP, as a lot of VPN solutions support.
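The return-path requirement described in the replies above, as an added example that is not part of the original thread: a longest-prefix-match check that every address in the tunnel pool is routed back to the PCS. The PCS IP and pool range come from the question; the routing tables and the 192.168.1.254 default gateway are constructed samples for a hypothetical internal router.

```python
import ipaddress

# Values taken from the thread.
PCS_IP = "192.168.1.1"
POOL_FIRST, POOL_LAST = "10.10.10.1", "10.10.10.10"

# Constructed routing tables for a hypothetical internal router: (prefix, next hop).
DEFAULT_ONLY = [("0.0.0.0/0", "192.168.1.254"), ("192.168.1.0/24", "connected")]
PARTIAL = DEFAULT_ONLY + [("10.10.10.0/29", PCS_IP)]   # covers only .0-.7
FULL = DEFAULT_ONLY + [("10.10.10.0/28", PCS_IP)]      # covers .0-.15


def next_hop(routes, addr):
    """Longest-prefix match: next hop of the most specific route covering addr."""
    addr = ipaddress.ip_address(addr)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best[1] if best else None


def pool_addresses(first, last):
    """Expand an inclusive first-last pool range into individual addresses."""
    lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
    return [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]


def misrouted(routes, pcs_ip=PCS_IP, first=POOL_FIRST, last=POOL_LAST):
    """Pool addresses whose return traffic would not be sent to the PCS.

    Because the PCS forwards tunnel traffic without NAT, replies are addressed
    to the pool IP itself, so each pool IP must resolve to the PCS as next hop.
    """
    return [a for a in pool_addresses(first, last) if next_hop(routes, a) != pcs_ip]


if __name__ == "__main__":
    tables = [("default only", DEFAULT_ONLY), ("partial /29", PARTIAL), ("full /28", FULL)]
    for name, table in tables:
        bad = misrouted(table)
        print(f"{name}: {'OK' if not bad else 'no return path for ' + ', '.join(bad)}")
```

The partial table shows the failure that is easy to miss: a route that covers only part of the pool leaves the last few clients without a return path while the others work.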