Pulse Secure formerly SSL VPN

Network Connect Access Control - inbound ACL

So I am setting up something in my lab and ran into an issue that I can't find a solution for.


1. I want to do a full tunnel and allow the users who log in to access specific servers.

2. I want all internal (on my company's network) computers to be able to connect to the Network Connected computers, but the Network Connected computers should not be able to initiate a connection to all of my internal (on my company's network) computers except the ones I specified in step 1.


If I set up the ACL policy like






this does part of the problem. But where do I allow the inbound traffic? All the inbound traffic from the internal network to the Network Connected computers is blocked by the IVE. I know this because there is no firewall in this lab setup between my internal network and the Network Connected IP addresses.


The only way I can allow internal computers to talk to the Network Connected computers is by adding the specific IP address of the internal computer and specifying * or if I do *.* as the policy.

SA-6500 (7.3R3) Production
MAG 4610 (7.4) Lab

Re: Network Connect Access Control - inbound ACL

You need to allow all ports from the servers. The ACL is for both inbound & outbound connections; inbound requires * as you can't control the inbound port.

Re: Network Connect Access Control - inbound ACL

NC ACL functionality will not be able to achieve what you need. You will need an external firewall for such ACL control.
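
The external-firewall approach from the last reply, sketched as an added example that is not part of the original thread: a stateful nftables ruleset on a Linux firewall assumed to sit between the IVE's internal port and the internal network. All addresses, set names and the table name are constructed assumptions, and the NC ACL on the IVE is assumed to be left permissive so that direction is enforced here by connection state.

```nftables
#!/usr/sbin/nft -f
# Added example. Every address below is a constructed placeholder.

table inet nc_filter {
    # IP pool handed out to Network Connect clients (assumed range)
    set nc_pool {
        type ipv4_addr
        flags interval
        elements = { 10.200.0.0/24 }
    }

    # Servers the VPN users are allowed to reach (assumed hosts)
    set allowed_servers {
        type ipv4_addr
        elements = { 10.10.1.10, 10.10.1.20 }
    }

    # Internal company network (assumed range)
    set internal_net {
        type ipv4_addr
        flags interval
        elements = { 10.10.0.0/16 }
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # Return traffic for any connection accepted by a rule below
        ct state established,related accept
        ct state invalid drop

        # Requirement 1: NC clients may open connections only to the listed servers
        ip saddr @nc_pool ip daddr @allowed_servers ct state new accept

        # Requirement 2: internal hosts may open connections to NC clients
        ip saddr @internal_net ip daddr @nc_pool ct state new accept

        # NC client to any other internal host: log, count, drop
        ip saddr @nc_pool ip daddr @internal_net log prefix "nc-denied " counter drop
    }
}
```

Because replies are matched by connection state rather than by port, the rule for internal hosts does not need a matching wildcard rule in the other direction.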



