SSL VPN
Reply
New User
Chatan
Posts: 1
Registered: ‎02-25-2010
0

VPN Accessing ONLY through Network Connect

Hi all!

 

Is there a best-practice way to implement a solution whereby the only way a user can access the Juniper SSL VPN is through Network Connect. I want to disable the ability for them to get to access the Juniper SA via a web browser. My first thoughts are:

1. To implement Custom Pages and modify the LoginPage.thtml so it doesn't have any ability to login. Therefore, only the LoginPage-stdaln.thtml allows access, as this is the page that is used by Network Connect

2. Perform a Host Check to verify that Network Connect is running. However, this will require Host Check to be installed, which will slow down the logon process.


Any suggestions or help would be appreciated.

 

Chatan

Distinguished Expert
muttbarker
Posts: 2,363
Registered: ‎01-29-2008
0

Re: VPN Accessing ONLY through Network Connect

Hey Chatan - NC can be started from a command line. It can be started at PC login. You can define a role that only allows NC so that when they login from a browser that is the only option available to them.

 

Not sure if I understand what you are trying to achieve so I hope these suggestions are of some help.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
Kalex
Posts: 76
Registered: ‎06-19-2009
0

Re: VPN Accessing ONLY through Network Connect

Chatan,

 

you might also look into the GINA option, incorporate NC in the Windows logon.

 

Best of luck!

Regards,
Alex
JNCIA-SSL,FWV,IDP, Security+,Network+,LPIC-1,MCSE:smileyfrustrated:,MCITP:EA
Moderator Moderator
Moderator
ruc
Posts: 212
Registered: ‎11-06-2007
0

Re: VPN Accessing ONLY through Network Connect

Try the thread @ http://forums.juniper.net/t5/SSL-VPN/Customizing-Network-Connect-login-pages/m-p/38952#M7419

Its doing the opposite of what you want however you should be able to leverage some of that logic. However as noted before in this thread - it is possible to preserve browser based login and still allow access only to Network Connect.

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.