Is there a summary somewhere of what is possible with an SA2500 and an iPhone?
I have a user would would like to be able to use Citrix/Remote Desktop (I know, I know) on an iPhone - not sure what model or iOS but if the SA code doesn't support anything other then a Network Connect type connection it's academic anyway.
Your best bet for something like this is the supported platforms guide (it can be found on the software page of each OS version).
In summary, though, you can do the following:
web (core) access
With Pulse (configured on the SA2500 for Network Connect on the role the user logs in to) users can connect to intranet resources on the LAN; this is the only option that will support Citrix access.
Do the iPhone connections go up and down and up and down? Or do I have something misconfigured? Or is this normal for the app on the iPhone?
you can add ActiveSync to zanyterp's list. It works with Exchange and Z-Push (Zarafa, ...),
ActiveSync connections do not count against the concurrent user license. It's maximum depends on your SA model. 1000 concurrent ActiveSync connections are supported on SA6500.
Regarding the Junos Pulse Client on the iPhone:
It works only with iOS 4.1, so not with older iPhones/iPods and currently not with iPad (4.2 for the iPad is expected in November.
Yes, the iPhone (Pulse) disconnects itself from the SA while no VPN traffic is needed and it reconnects if the iPhone initiates a new connection (eg. mail polling from an IMAP server).
Sometimes it disconnects completely and you have to manually reconnect. I haven't discovered if it is a timeout or something else. Sometimes the automatic reconnect occurs to late for an application if it doesn't retry to connect after first failed attempt (eg. the IMAP mail refresh if you open the mail app.
Between the first connect and the real disconnect (= automatic reconnection on outgoing traffic) a concurrent user license is occupied.
Hope it sheds some light on it.
Thanks, that's exactly the explanation that I was looking for.