We just recently implemented our Juniper SSL VPN and I'm experiencing an odd problem with my users who are connecting via Verizon Wireless Broadband PC5750 Air Cards connecting to my SA4500 with NC. When the users are connected to NC they have no issues accessing private resources with the exception of browsing external web sites with a Proxy server. Our goal was not to prevent users from browsing external sites but while connected to the corporate network we wanted the content filtering to better secure our environment so we direct them through our proxy. We control the proxy server definition (.pac file) on our Windows devices through GPO so we do not force down a proxy in the NC configuration. I've confirmed the clients are able to get to the .pac file on on the internal network and have confirmed they are performing DNS lookups without error but the no web page in the browser is displayed. Network captures have been inconclusive. We've eliminated client firewalls and other security software from being the cause by removing them from the Windows clients.

About 65% of my mobile workforce use these cards exclusively for connectivity so this is causing me a lot of greif.

No other users are experiencing this issue using the same NC configuration coming into the SA through other internet connectivity.

I've seen other posts in the forum for users having disconnect issues with Sprint EVDO cards on NC. I've looked for compression settings in the Verison software (VZAccess Manager) and there is no setting to control it from there.

I opened a JTAC case and am waiting to hear back from them. If anyone has seen this or has any suggestions or information would be appreciated.

Configuration:

(2) SA4500 in Active/Passive cluster

IVE 6.3R3 build 13881

Network Connect with Local Subnet Access Only Split Tunneling enabled