09-27-2012 11:35 PM
Not sure if you had the same issue I did but in the Configuration->System ->Network->VPN Tunneling page there is a horribly worded "VPN Tunnel Server IP Address" with that weird IP address of 10.200.200.200 or something.
What this field should say is "Default gateway of Network Connect clients" or something better since there is almost no documentation for that section.
This should be the the gateway of the subnet that connects the SA device to your client pool. I have no idea why they have that 10.200.200.200 or whatever IP address in there, but if you don't set it correctly, its by some miracle that NC would even work with this version.
Let me try to clarify this..
My SA device is using 10.120.5.5 for the internal port.
Under the resource profiles for VPN tunneling, I created a connection profile, created an IP address pool using 10.120.6.2-10.120.6.254.
I set a static route in my core router that looks something like: ip route 10.120.6.0 255.255.255.0 10.120.5.5
Therefore, my VPN Tunnel Server IP Address is set to 10.120.6.1 and all is well with NC clients routing.
Hope this helps...
12-19-2012 12:55 AM
We also had issues with an upgrade to 7.2, we managed to deeply troubleshoot the issue with Juniper Support. As a result they released a new KB : KB26381
"[SSL VPN/MAG] Network Connect users are unable to access internal resources after upgrading to 7.2RX or higher versions"