My company uses a Juniper SA2500 for SSL VPN. I have a question about allocating IP addresses to Network Connect using a DHCP server. I have found that Network Connect can sucessfully use DHCP if the DHCP scope configured on the DHCP server is the same network that the SA2500 internal port belongs too. EXAMPLE #1 ----------------- DHCP Server Scope: 18.104.22.168-20/24 SA2500 Network Connect Server IP Address: 22.214.171.124/24 DHCP server 126.96.36.199/24 <-> 188.8.131.52/24 Cisco Router 184.108.40.206/24 <-> 220.127.116.11/24 SA2500 Internal Port The SA2500 internal port is in a different network to the DHCP server, so the Cisco Router does DHCP relay. This scenario works, however I want to use a DHCP scope that is a different network to the SA2500 Internal Port. EXAMPLE #2 ----------------- DHCP Server Scope: 18.104.22.168-20/24 DHCP server 22.214.171.124/24 <-> 126.96.36.199/24 Cisco Router 188.8.131.52/24 <-> 184.108.40.206/24 SA2500 Internal Port The SA2500 does not have an interface in the network 220.127.116.11/24. I can not add this network as a Virtual Port of the Internal Port. So I cant set the Network Connect Server IP Address to an IP address in the network 18.104.22.168/24. Therefore the GIADDRESS in the relayed DHCP Request is the IP address of the Internal Port 22.214.171.124/24. The DHCP Server does not match this with a configured scope and can not allocate any IP address. How can I configure the SA2500 to use a DHCP scope for Network Connect that is different to the Internal Port network? Note I must use a DHCP server, I do not want to use a local IP Address Pool on the SA2500.
... View more
Can the SA2500 IVE be used as a HTTP Reverse Proxy? EXAMPLE End user web browses to URL https://www.company-outside.com, which resolves to the public IP address a.a.a.a configured on an interface of the SA2500. The SA2500 automatically reverse proxies the HTTP request to https://www.company-inside.com, which resolves to the private IP address b.b.b.b configured as an interface of the SA2500. The end-user must not be required to authenticate with the SA2500. The URL displayed in the end users browser must remain unchanged.
... View more