Re: juniper SSL vpn over F5 ssl VPN in one PC

Robbie_ · ‎07-17-2015

client's PC ------------internet----------site1's F5 ssl vpn

--------------------------------------F5 ssl vpn-------------site2's Juniper ssl vpn

does it work?

firstly we need to connect to site1's F5 ssl vpn to get lan's ip

secondly we connect to site2's juniper ssl vpn since this device should stay in lan

The main reason for this juniper ssl vpn is for 2 factors authentication(RSA)

any comment is appreciated?

JaiLaisram · ‎07-21-2015

This won't work if you have

client --->vpn tunnel to site1 f5 --->vpn tunnel to site2Pulse secure

the reason is we can't establish 2 simultaneous VPN tunnels

It will work if you have

Client ---> vpn tunnel to site1 f5 > Core/web based/SAM(Application layer tunneling)/terminal services access to site2Pulsesecure

zanyterp · ‎07-23-2015

As JaiLaisram said, we don't expect it to work; however, we do not have any rules in place to prevent it. It is very possible that F5 has rules in place to prevent it (depending on how they have split tunneling and route monitoring configured); but the Pulse Secure client does not check if there is another VPN up or not.

You reference the use of the Pulse Connect Secure appliance for 2FA; is that because there is two VPN tunnels up OR because it has the ability to do 2FA and the F5 does not?