Contributor
SF_Dan
Posts: 75
Registered: ‎12-02-2010
0

Proxy Settings

Setup:

SA 6500

7.1R2 (build 18193)

Using Junos Pulse client

 

I have a question about proxy server configuration under the network connect profiles section.

 

Network Connect Connection Profiles > Proxy Server Settings

 

If I add an IP address of one of our proxy servers in the "manual configuration" should this force all internet traffic through this proxy for users connected via network connect? I have done this but it does not seem to function this way. I have tested with IE and FF. Any advice?

 

Thanks,

 

Dan

Super Contributor
SHKM
Posts: 167
Registered: ‎03-13-2008
0

Re: Proxy Settings

Hi Dan,

 

After NC is connected, in IE > Options > connection settings we should see the instantproxy.pac file. Do you see this file?

Also, is the VPN tunnel configured with split tunnel enabled or disabled?

 

I did a quick check in lab,

 

MAG2600

7.1R4.1

Pulse 2.1R2

Network Connect Connection Profiles > Proxy Server Settings, I set manual proxy

Role > Network connect > VPN tunneling option I set to Split tunnel disable

 

After I establish the VPN tunnel, I can see that all my IE internet traffic flows via the mentioned proxy setting.

 

Thanks,

Suresh

Contributor
SF_Dan
Posts: 75
Registered: ‎12-02-2010
0

Re: Proxy Settings

I do not see that in IE settings. I wonder if this is an issue with the version of Pulse or the IVE I am running? I have a test box I can load an updated IVE on, but any other recommendations would be appreciated.

 

thanks,

 

Dan

Super Contributor
SHKM
Posts: 167
Registered: ‎03-13-2008
0

Re: Proxy Settings

Ok Dan....I hope we will have more information when you have the lab setup and test results.

Contributor
SF_Dan
Posts: 75
Registered: ‎12-02-2010
0

Re: Proxy Settings

Just a couple quick notes -

 

I just tested it in my lab environment, which is set up almost identically to my production, and I have the same issue. I will be updating the IVE and Pulse client to see if that resolves it.

 

As far as split tunnel - The connection profile I use for network connect/pulse is used for full and split tunnel connections. I have different roles in place to access different network resources. Basically if a user is not on a corporate network it is full tunnel and if they are on a corporate network it is split tunnel to specific network segments. I will update as I learn more.

 

Thanks,

 

Dan

Contributor
SF_Dan
Posts: 75
Registered: ‎12-02-2010
0

Re: Proxy Settings

Update -

 

I configured my test environment similar to yours:

 

SA6500

7.1R4.1 (build 19525)

Pulse 2.1R4

 

I set the manual proxy in the network connect connection profile, and utilized 1 role that has split tunnel disabled. Unfortunately I have the same results: it does not modify the Internet Explorer proxy settings. What version of IE are you testing with? I am currently testing with IE 8.

 

thanks,

 

Dan

Contributor
SF_Dan
Posts: 75
Registered: ‎12-02-2010
0

Re: Proxy Settings

1 more update -

 

If I switch to the Network Connect client instead of the Pulse client, it works. Does this not work with the Pulse client?

 

Thanks,

 

Dan

Super Contributor
SHKM
Posts: 167
Registered: ‎03-13-2008
0

Re: Proxy Settings

Hi Dan,

 

I'm using IE 8 (32bit) and Windows 7 Professional (32bit).

 

> Does this not work with the pulse client?

Please open a JTAC case to get this investigated further.

 

Thanks,

Suresh

Contributor
SF_Dan
Posts: 75
Registered: ‎12-02-2010
0

Re: Proxy Settings

Update -

 

OK, I actually found the problem. This works fine in Windows XP 32bit but the OS I am having issues with is Windows 7 x64. I ran procmon while connecting and discovered that dsAccessService.exe is trying to write the instantproxy.pac to C:\Users\Administrator\AppData\Roaming\Juniper Networks\instantproxy.pac instead of the logged in user's temp directory. This would cause it to fail as the logged in user will not have access to that directory. Any idea why it is trying to write to the administrator profile instead of the logged in profile? The only reason I can think of is because dsAccessService.exe is running as SYSTEM, but this is the case in Windows XP also and it still writes to the logged in user's profile. I am going to open a case but wanted to update this thread also in case others run into this problem or if anyone has any workarounds. I am continuing to troubleshoot this and will update with more info as available.

 

Thanks,

 

Dan
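
The failure described in the post above can be confirmed from the logged-in user's session once the tunnel is up. The following is an added example, not part of the original thread and not Juniper's code: it reads the per-user `AutoConfigURL` value that IE uses and checks whether the referenced instantproxy.pac is readable by the current user. It assumes the client points `AutoConfigURL` at a local file, and the two fallback locations it probes are guesses based on the paths mentioned in the thread.

```powershell
# Added example (not from the thread). Run as the logged-in user, tunnel connected.
# Works on PowerShell 2.0 (Windows 7 default).

function Test-PacReadable {
    param([string]$Path)
    # Report whether the PAC file exists and the current user can read it.
    if (-not (Test-Path -LiteralPath $Path)) { return "missing or inaccessible: $Path" }
    try {
        [void](Get-Content -LiteralPath $Path -TotalCount 1 -ErrorAction Stop)
        return "readable by ${env:USERNAME}: $Path"
    } catch {
        return "present but NOT readable by ${env:USERNAME}: $Path"
    }
}

# Per-user WinINET settings used by IE; AutoConfigURL holds the PAC location.
$key    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$pacUrl = (Get-ItemProperty -Path $key).AutoConfigURL

if (-not $pacUrl) {
    Write-Output 'AutoConfigURL is not set: no PAC applied to this user profile.'
} elseif ($pacUrl -notmatch 'instantproxy\.pac') {
    Write-Output "AutoConfigURL is set, but not to instantproxy.pac: $pacUrl"
} else {
    Write-Output "AutoConfigURL references the client PAC: $pacUrl"
    $uri = $null
    # Assumption: the value is a file:// URL or an absolute local path.
    if ([System.Uri]::TryCreate($pacUrl, [System.UriKind]::Absolute, [ref]$uri) -and $uri.IsFile) {
        Write-Output (Test-PacReadable -Path $uri.LocalPath)
    } else {
        Write-Output 'AutoConfigURL is not a local file; fetch it manually to verify.'
    }
}

# Assumed candidate locations in the current user's own profile, by analogy with
# the Administrator path and the "temp directory" mentioned in the post.
$candidates = @(
    (Join-Path $env:APPDATA 'Juniper Networks\instantproxy.pac'),
    (Join-Path $env:TEMP 'instantproxy.pac')
)
foreach ($p in $candidates) { Write-Output (Test-PacReadable -Path $p) }
```

If `AutoConfigURL` is unset while the tunnel is connected with split tunneling disabled, browser traffic is not being steered through the configured proxy for that user, which matches the behaviour reported above.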

Moderator
zanyterp
Posts: 2,300
Registered: ‎11-19-2007
0

Re: Proxy Settings

Are you running this as an admin or standard user with the Juniper installer service?