don't believe this is supported as you noted as the 2nd netconnect will detect that netconnect is already up and running

Unfortunately, this is not supported/possible.

The only way I know to work around that limitation is by setting up a VMWare image running in NAT mode:

- The VM host machine is running NC1 to Site1

- The VMWare guest is running NC2 to Site2

Not sure this is acceptable for you but it;s the only way I can think of.

The limitation is that you cannot have multiple copies of Network Connect / WSAM / JSAM running on a PC at once... but if you mix them you can accomplish this.

So if I'm understanding your configuration right, it sounds like you're trying to use Network Connect for both connections and that's your problem. If instead you used WSAM on Site1 and gave it access to connect to Site2, then you theoretically could have Site2 launch Network Connect and be fine. I'd imagine that this would be pretty slow, though, as you're forcing your traffic through 2 SSL tunnels, but it should work. I have a vendor that does the reverse with us (their techs work remotely, so they connect to the vendor SSL VPN through Network Connect, then they connect to my SSL VPN via WSAM)

Could you configure a VPN connection to your firewall then hit the 2nd SSL VPN?

Another question, why do you have users hitting an SSL VPN when they are already on the LAN? Is it only for SSL encryption between workstation and destination server?

I run into the same problem

what we are thinking about is to :

juniper ssl vpn over F5 ssl vpn

does it work?