My company uses a Juniper SA2500 for SSL VPN. I have a question about allocating IP addresses to Network Connect using a DHCP server.

I have found that Network Connect can successfully use DHCP if the DHCP scope configured on the DHCP server is the same network that the SA2500 internal port belongs to.

EXAMPLE #1
-----------------
DHCP Server Scope: 22.214.171.124-20/24
SA2500 Network Connect Server IP Address: 126.96.36.199/24

DHCP server 188.8.131.52/24 <-> 184.108.40.206/24 Cisco Router 220.127.116.11/24 <-> 18.104.22.168/24 SA2500 Internal Port

The SA2500 internal port is in a different network to the DHCP server, so the Cisco Router does DHCP relay. This scenario works; however, I want to use a DHCP scope that is a different network to the SA2500 Internal Port.

EXAMPLE #2
-----------------
DHCP Server Scope: 22.214.171.124-20/24

DHCP server 126.96.36.199/24 <-> 188.8.131.52/24 Cisco Router 184.108.40.206/24 <-> 220.127.116.11/24 SA2500 Internal Port

The SA2500 does not have an interface in the network 18.104.22.168/24. I cannot add this network as a Virtual Port of the Internal Port, so I can't set the Network Connect Server IP Address to an IP address in the network 22.214.171.124/24. Therefore the GIADDRESS in the relayed DHCP Request is the IP address of the Internal Port 126.96.36.199/24. The DHCP Server does not match this with a configured scope and cannot allocate any IP address.

How can I configure the SA2500 to use a DHCP scope for Network Connect that is different to the Internal Port network?

Note: I must use a DHCP server; I do not want to use a local IP Address Pool on the SA2500.
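
The giaddr mismatch described in the question, modelled as an added example that is not part of the original post. It assumes a DHCP server that chooses a scope only by the giaddr field of the relayed request; the addresses, scope names and function names are constructed (RFC 5737 documentation ranges) and are not the poster's values.

```python
import ipaddress
import struct

# Constructed scopes using RFC 5737 documentation ranges (not the poster's addresses).
EXAMPLE_1_SCOPES = {"same-net-as-internal-port": ipaddress.ip_network("192.0.2.0/24")}
EXAMPLE_2_SCOPES = {"separate-nc-client-net": ipaddress.ip_network("198.51.100.0/24")}
INTERNAL_PORT_IP = "192.0.2.10"  # hypothetical internal port address, used as giaddr

DHCP_MAGIC = b"\x63\x82\x53\x63"


def build_relayed_request(giaddr: str) -> bytes:
    """Build a constructed 240-byte BOOTP header as a relay would forward it."""
    pkt = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234ABCD, 0, 0)  # op..flags
    pkt += bytes(12)                              # ciaddr, yiaddr, siaddr (all zero)
    pkt += ipaddress.ip_address(giaddr).packed    # giaddr, offset 24
    pkt += bytes(16 + 64 + 128)                   # chaddr, sname, file
    return pkt + DHCP_MAGIC                       # DHCP magic cookie, offset 236


def giaddr_of(packet: bytes) -> ipaddress.IPv4Address:
    """Extract the relay agent address from a BOOTP/DHCP message."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    return ipaddress.IPv4Address(packet[24:28])


def select_scope(packet: bytes, scopes: dict):
    """Return the name of the scope containing giaddr, or None if no scope matches."""
    gi = giaddr_of(packet)
    if gi.is_unspecified:
        return None  # not relayed; a real server would use its receiving interface
    for name, net in scopes.items():
        if gi in net:
            return name
    return None


if __name__ == "__main__":
    request = build_relayed_request(INTERNAL_PORT_IP)
    print("Example 1:", select_scope(request, EXAMPLE_1_SCOPES))
    print("Example 2:", select_scope(request, EXAMPLE_2_SCOPES))
```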