SSL VPN
Visitor
ramez
Posts: 1
Registered: ‎03-21-2010

Network Connect Problems

I'm running Juniper Network Connect 6.4 on Snow Leopard. I've already applied the fix to get the software to run. The problem I'm having is that while it's running, my computer does not appear to recognize I'm connected. For instance, if I try to access sites that are IP restricted it will not let me access them. The IT people at my university don't seem to know what to do. If I look at what IP address my browser thinks I'm on, it's the one that is assigned through my ISP. Here's what ifconfig looks like:

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether d4:9a:20:d4:bb:ae
	media: autoselect status: inactive
	supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,flow-control> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,flow-control> 100baseTX <full-duplex,hw-loopback> 1000baseT <full-duplex> 1000baseT <full-duplex,flow-control> 1000baseT <full-duplex,hw-loopback>
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet6 fe80::d69a:20ff:fe78:55d3%en1 prefixlen 64 scopeid 0x5
	inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
	ether d4:9a:20:78:55:d3
	media: autoselect status: active
	supported media: autoselect
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.245.1 netmask 0xffffff00 broadcast 192.168.245.255
	ether 00:50:56:c0:00:01
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 172.16.182.1 netmask 0xffffff00 broadcast 172.16.182.255
	ether 00:50:56:c0:00:08
jnc0: flags=841<UP,RUNNING,SIMPLEX> mtu 1400
	inet 10.65.4.7 netmask 0xffffffff
	open (pid 21083)
jnc1: flags=841<UP,RUNNING,SIMPLEX> mtu 1450
	closed

You can see the Juniper connection is being made to an IP address that should allow me access.

I also tried this on my virtual machine. I have VMware Fusion with XP as my guest. If I run ipconfig -all, here's the output while using NAT:

Windows IP Configuration

        Host Name . . . . . . . . . . . . : ramez-f7026bbc0
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : localdomain
                                            utk.edu

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : localdomain
        Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter

        Physical Address. . . . . . . . . : D4-9A-20-78-55-D3
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 172.16.182.131
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 172.16.182.2
        DHCP Server . . . . . . . . . . . : 172.16.182.254
        DNS Servers . . . . . . . . . . . : 172.16.182.2
        Lease Obtained. . . . . . . . . . : Sunday, March 21, 2010 12:04:28 PM
        Lease Expires . . . . . . . . . . : Sunday, March 21, 2010 12:34:28 PM

Ethernet adapter Network Connect Adapter:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Juniper Network Connect Virtual Adapter
        Physical Address. . . . . . . . . : 00-FF-08-D0-6E-89
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.65.4.18
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 10.200.200.200
        DNS Servers . . . . . . . . . . . : 160.36.0.66
                                            160.36.128.66
        Primary WINS Server . . . . . . . : 160.36.0.68
        Lease Obtained. . . . . . . . . . : Sunday, March 21, 2010 11:01:12 AM
        Lease Expires . . . . . . . . . . : Sunday, March 28, 2010 11:01:12 AM



I used Network Connect Troubleshooting.  Here are the tests that failed:

Under AMD PCNET Family PCI Ethernet Adapter:

The ping of the DHCP Server

Under Juniper Network Connect Virtual Adapter:

The ping of the DHCP Server and the DNS Servers

Is this what the problem is? There is also a program installed called Windows Secure Application Manager, but I cannot seem to use the program to add any applications. There is one application I need to use that has a license server that checks IP addresses. The one assigned while running Network Connect would be valid. I just can't figure out how to tell my machine to use it.

Many thanks in advance.

Juniper Employee
kmaybe
Posts: 16
Registered: ‎02-20-2008

Re: Network Connect Problems

This sounds like a configuration issue on the SSL VPN device.

From your description, it would appear that Split Tunneling mode is configured on the SA for your Network Connect access.  Otherwise, all of the traffic would be forced through the NC tunnel and your browser would not detect your IP address as the one assigned to your local LAN adapter.

It sounds like a configuration issue on the SA where you are getting assigned an IP address from a pool that cannot route traffic to the internal network's DNS servers.  If Network Connect cannot ping the DNS servers that have been assigned to your connection then this will cause NC tunneled DNS queries to fail and since your ISP DNS servers cannot locate servers that are within the corporate network, you won't be able to access NC resources because the DNS is going to fail.

I would let the helpdesk know specifically that the DNS servers being assigned for the Network Connect connection are not reachable.  Maybe they need to assign a different IP address range, or specify different DNS servers.

Also, they should check that the server you need access to via NC is defined in the Split Tunneling resource list as well as in the Network Connect ACL list in the Network Connect Connection Profile.

Juniper Employee
rvi
Posts: 16
Registered: ‎04-02-2009

Re: Network Connect Problems

Windows Secure Application Manager is a TDI driver and works ONLY for supported Windows OS.

Visitor
azpcox
Posts: 7
Registered: ‎06-27-2008

Re: Network Connect Problems

Your ifconfig output looks correct. Once connected via Network Connect on the Mac, you'll see the "new" jnc0 interface up with the SA-assigned IP address (from your pool or DHCP relay server). That appears to happen fine. It does sound like a combination of split tunneling and Network Connect Access Control lists for the particular Role you are getting assigned. Check those policies to make sure the traffic you are "missing" is actually allowed outbound in the first place.
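
The split-tunneling behaviour described in the replies above can be checked with a longest-prefix-match model of the client's routing table. This is an added example, not part of the original thread: the interface names and DNS server addresses come from the posted output, while the route prefixes (including 10.65.0.0/16 as a tunneled resource) and the helper names are assumptions.

```python
import ipaddress

# DNS servers the tunnel adapter was assigned, as shown in the ipconfig output.
DNS_SERVERS = ["160.36.0.66", "160.36.128.66"]

# Constructed route tables: (destination prefix, egress interface).
# en1 is the local adapter and jnc0 the Network Connect interface from the
# thread; the prefixes are assumptions chosen for illustration.
SPLIT_TUNNEL = [
    ("0.0.0.0/0", "en1"),        # default route stays on the local adapter
    ("192.168.1.0/24", "en1"),   # home LAN
    ("10.65.0.0/16", "jnc0"),    # assumed split-tunnel resource
]
FULL_TUNNEL = [
    ("0.0.0.0/0", "jnc0"),       # everything is forced through the tunnel
    ("192.168.1.0/24", "en1"),   # local LAN still directly attached
]


def egress_interface(routes, destination):
    """Return the interface chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(destination)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def untunneled(routes, destinations, tunnel="jnc0"):
    """List the destinations whose traffic would NOT leave via the tunnel."""
    return [d for d in destinations if egress_interface(routes, d) != tunnel]


if __name__ == "__main__":
    # Split tunnel without the DNS servers in the resource list: queries to
    # them leave via en1 with the ISP-assigned source address.
    print("split tunnel, untunneled:", untunneled(SPLIT_TUNNEL, DNS_SERVERS))
    # Adding a covering resource (assumed 160.36.0.0/16) moves them to jnc0.
    fixed = SPLIT_TUNNEL + [("160.36.0.0/16", "jnc0")]
    print("after adding resource:", untunneled(fixed, DNS_SERVERS))
    print("full tunnel, untunneled:", untunneled(FULL_TUNNEL, DNS_SERVERS))
```

The same check applies to the license server in the original question: if its address does not match a tunneled prefix, it sees the ISP-assigned address rather than the 10.65.4.x one.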
