Pulse Secure formerly SSL VPN
Showing results for 
Search instead for 
Do you mean 
Reply
Contributor
Posts: 13
Registered: ‎06-08-2012
0 Kudos
Accepted Solution

NC not working after upgrade to 7.2r2

Hi

 

I am hoping someone could help.

 

We upgraded from firmware 6.3 to 7.2r2 and since then our NC doesnt work any more. However if I roll back to 6.3 it works perfectly.

 

There seems to be something different in the new version that is no longer allowing us to RDP to servers.

 

I have compared both configs and they are both the same, i just cant work out what is going.

 

JTAC even tried to login but encountered the same problem, thus it cant be any install fault because they would have had the same install files.

 

anyone help??

 

Thanks

 

Juniper|Guy

Trusted Contributor
Posts: 97
Registered: ‎11-06-2007
0 Kudos

Re: NC not working after upgrade to 7.2r2

Couple of things...

Check your NC ACL maybe?

Also, are you accessing the severs via name or IP address, if by hostname, make sure your DNS settings are intact.

Is the problem isolated to a particular role?

Is RDP the only thing you're having a problem with?

Have you tried creating a new NC profile?

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: NC not working after upgrade to 7.2r2

Can you tracert from the LAN to the Network Connect IP?
Contributor
Posts: 13
Registered: ‎06-08-2012
0 Kudos

Re: NC not working after upgrade to 7.2r2

Hi

 

Trace route stops at the internal IP address which is listed at Sys > NW > Internal Port > Settings.

 

If I do a trace route back from the client pc that i am connected on with NC, it stops at the default IP: 10.200.200.200

 

 

Contributor
Posts: 13
Registered: ‎06-08-2012
0 Kudos

Re: NC not working after upgrade to 7.2r2

Hi

 

my NC ACL settings are the same on both versions,, 6.3 and 7.2.

 

We dont use the DNS name, we connect the end points using IP addresses. I have checked that DNS server IP are maintained throughout both firmware versions and they are.

 

Not sure what it could be, but NC is having problems for us on 7.2, everything else is working prefectly fine, all realms have come up ok.

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: NC not working after upgrade to 7.2r2

If you're in a cluster, can you confirm the value at System>Network>VPN tunneling for the ip filter?
Contributor
Posts: 13
Registered: ‎06-08-2012
0 Kudos

Re: NC not working after upgrade to 7.2r2

Hi

 

Under Sys > Network > NC

 

All i have is * under the IP Address Filter

 

This is back on 6.3 as I had to roll it back due to business requirements, but will be back to testing 7.2 on tuesday.

 

Thanks

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: NC not working after upgrade to 7.2r2

Ok; sorry you had to rollback.
If you can, please open a JTAC case if the same occurs again. This is something I, myself, am not aware of yet
Recognized Expert
Posts: 416
Registered: ‎11-25-2009
0 Kudos

Re: NC not working after upgrade to 7.2r2

Hi,

 

Please take a client side network connect log ,a wireshark capture from the NC adapter,policy trace and a TCP dump from the SA internal port when it is in 6.3 and working.

 

This will help us in investigation the issue

 

Thanks,

Jay

Contributor
Posts: 32
Registered: ‎07-30-2008
0 Kudos

Re: NC not working after upgrade to 7.2r2

We saw a ton of issues when regression testing the 7.2R2 build, including hostchecker breaking. We determined that the 7.2R2 build is junk. Install the 7.1R10 build and you'll be much happier. 

Highlighted
Contributor
Posts: 13
Registered: ‎06-08-2012
0 Kudos

Re: NC not working after upgrade to 7.2r2

I may give that i try actually and see how i get on with 7.1

Contributor
Posts: 13
Registered: ‎06-08-2012
0 Kudos

Re: NC not working after upgrade to 7.2r2

looks like 7.2 do have some problems....upgraded to 7.1r10 and it works fine.

 

Thanks for your help guys! Smiley Happy

Moderator
Posts: 2,347
Registered: ‎11-19-2007
0 Kudos

Re: NC not working after upgrade to 7.2r2

Glad to hear it is working now; sorry to hear it didn't with with 7.2R2.
Recognized Expert
Posts: 416
Registered: ‎11-25-2009
0 Kudos

Re: NC not working after upgrade to 7.2r2

Hi there,

 

We would be interested to find out the root cause and find out what broke in 7.2x code  as we have had a couple of similar cases but could not get the logs we need as systems were immediately rolled back.The logs required would be a system snapshot with debug logging enabled for event code ipsec at level 20 and size 20,wireshark from NC adapter, SA TCP dump,route print output after NC connection and client side debug log with 7.2x code and corresponding set of same logs on 7.1rx code where it is working fine

 

We have tried replicating this in lab and could not replicate the same behavior so these logs above will help

 

Please do let us know when you again plan to upgrade to 7.2r3 code, we can maybe take a small downtime and troubleshoot and collect logs for engineering to debug the issue, when you plan to do that, please open a new case and inbox me the JTAC case number.

 

Thanks,

Jay

Recognized Expert
Posts: 416
Registered: ‎11-25-2009
0 Kudos

Re: NC not working after upgrade to 7.2r2

Hi Juniper Guy,

 

Could you please let me know if the NC IP pool is in a different subnet to your internal network and if you have a route on the firewall with destination as the NC IP pool subnet and gateway as the Cluster internal VIP IP(if the device is in a cluster)

 

Regards,

Jay

Contributor
Posts: 29
Registered: ‎04-20-2011
0 Kudos

Re: NC not working after upgrade to 7.2r2

Not sure if you had the same issue I did but in the Configuration->System ->Network->VPN Tunneling page there is a horribly worded "VPN Tunnel Server IP Address" with that weird IP address of 10.200.200.200 or something.

 

What this field should say is "Default gateway of Network Connect clients" or something better since there is almost no documentation for that section.

 

This should be the the gateway of the subnet that connects the SA device to your client pool.  I have no idea why they have that 10.200.200.200 or whatever IP address in there, but if you don't set it correctly, its by some miracle that NC would even work with this version.

 

 

Let me try to clarify this..

 

My SA device is using 10.120.5.5 for the internal port.

Under the resource profiles for VPN tunneling, I created a connection profile, created an IP address pool using 10.120.6.2-10.120.6.254.

I set a static route in my core router that looks something like:  ip route 10.120.6.0 255.255.255.0 10.120.5.5

Therefore, my VPN Tunnel Server IP Address is set to 10.120.6.1 and all is well with NC clients routing.

 

Hope this helps...

Visitor
Posts: 1
Registered: ‎12-02-2008
0 Kudos

Re: NC not working after upgrade to 7.2r2

there is no need to touch that IP address.

 

unless you have issue with routing // FW or AV clients with the address

Visitor
Posts: 1
Registered: ‎03-08-2011

Re: NC not working after upgrade to 7.2r2

We also had issues with an upgrade to 7.2, we managed to deeply troubleshoot the issue with Juniper Support. As a result they released a new KB : KB26381

"[SSL VPN/MAG] Network Connect users are unable to access internal resources after upgrading to 7.2RX or higher versions"