Visitor
govtechie
Posts: 5
Registered: ‎12-12-2010
0

iPad Junos Pulse routing issue

Hi

I am trying to connect an iPad using the Junos Pulse client to an SA4000 running 7.1r5. So far I have managed to get it to connect. I can browse web sites using the intranet button, but when I try to get Safari to connect, the Safari connection times out. I have also tried this with an RDP connection to a Windows Server with the same result.

I have enabled split routing and have put in the subnet I require access to (also added the host IP as well). On the host PCs I am able to ping the iPad at the remote end of the VPN OK. The funny bit is if I add a static route to the host server, e.g. route add 192.168.2.0 mask 255.255.255.0 192.168.1.2, the RDP connection works. I have checked that the router (default gateway) for the network has a route defined.

Am I going mad or is my inexperience of VPNs showing?

Many Thanks

Bob

Super Contributor
SHKM
Posts: 167
Registered: ‎03-13-2008
0

Re: iPad Junos Pulse routing issue

Hi Bob,

On a normal desktop/laptop, with the same SA config (split tunnel enabled), does it work as expected?

Also, on the iPad, if you disable split tunnel, are you able to connect to RDP / browse using Safari?

Thanks,

Suresh

Visitor
govtechie
Posts: 5
Registered: ‎12-12-2010
0

Re: iPad Junos Pulse routing issue

Hi

I have checked NC from a laptop and get the same result with split tunnel enabled, i.e. I cannot connect to the host with RDP. I can ping the host from the laptop OK, but not connect with RDP or to the web site on the server (or any server).

Again, if I add a static route to the server, RDP works.

Disabling split tunnelling made no difference.

Many Thanks

Recognized Expert
Kita
Posts: 487
Registered: ‎12-23-2010
0

Re: iPad Junos Pulse routing issue

Hello Bob,

Is the resource behind the SA or is it on the local network of the iPad? I think the routes may be getting mixed up, since the route you stated you are adding is usually a local IP address 192.168.1.x and may be sending it directly through the physical adapter instead of the tunnel. If you can replicate this issue with the desktop version, can you try and get the "route print" before the connection and during the connection to see what it looks like?

Visitor
govtechie
Posts: 5
Registered: ‎12-12-2010
0

Re: iPad Junos Pulse routing issue

Hi

The resource is behind the SA. Interestingly, I can connect to hosts on other subnets, just not the one the SA is connected to.

Regards

Visitor
govtechie
Posts: 5
Registered: ‎12-12-2010
0

Re: iPad Junos Pulse routing issue

Also, the SA is running 7.1r6, not r5 as previously stated, in case this makes a difference.

Regards

Recognized Expert
Kita
Posts: 487
Registered: ‎12-23-2010
0

Re: iPad Junos Pulse routing issue

It sounds like there is something wrong with the route table prior to Pulse modifying it. Can you get the 'route print' before and during the Pulse connection?

Moderator
zanyterp
Posts: 2,306
Registered: ‎11-19-2007
0

Re: iPad Junos Pulse routing issue

To follow along with Kita's point, do the two networks overlap? If yes, that will be a problem.
Visitor
govtechie
Posts: 5
Registered: ‎12-12-2010
0

Re: iPad Junos Pulse routing issue

Hi, thanks, this has got me a bit further. There were overlapping networks, as I was connecting to a wireless network that terminated on our firewall. Using an independent wireless, i.e. home, I am now able to connect to servers on the internal network but unable to connect to an IP that is on the same subnet as the SA device. Regards
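
The overlap condition discussed in this thread, as an added example that is not part of any post: a Python check showing why a split-tunnel subnet that also exists on the client's local Wi-Fi never reaches the tunnel. The addresses are constructed, and the function names, interface labels, metrics and the simplified route-selection model (longest prefix, then lowest metric) are assumptions.

```python
import ipaddress

def find_overlaps(local_nets, tunnel_nets):
    """Return (local, tunnel) pairs whose address ranges overlap."""
    pairs = []
    for local in map(ipaddress.ip_network, local_nets):
        for tunnel in map(ipaddress.ip_network, tunnel_nets):
            if local.overlaps(tunnel):
                pairs.append((str(local), str(tunnel)))
    return pairs

def pick_interface(dest, routes):
    """Simplified route lookup: longest prefix wins, then lowest metric.

    routes: list of (network, interface, metric). Returns the interface
    name, or None when no route covers dest.
    """
    addr = ipaddress.ip_address(dest)
    matches = []
    for net, iface, metric in routes:
        network = ipaddress.ip_network(net)
        if addr in network:
            matches.append((network.prefixlen, -metric, iface))
    return max(matches)[2] if matches else None

# Constructed sample data (not taken from the poster's devices).
TUNNEL_NETS = ["192.168.1.0/24", "192.168.2.0/24"]
OFFICE_WIFI = ["192.168.1.0/24"]   # client LAN reuses a tunnelled subnet
HOME_WIFI = ["10.0.0.0/24"]        # client LAN distinct from the tunnel

def build_routes(local_nets):
    """Connected routes (metric 10) plus split-tunnel routes (metric 20)."""
    routes = [(n, "wifi", 10) for n in local_nets]
    routes += [(n, "tunnel", 20) for n in TUNNEL_NETS]
    return routes

if __name__ == "__main__":
    for name, lan in (("office", OFFICE_WIFI), ("home", HOME_WIFI)):
        print(name, "overlaps:", find_overlaps(lan, TUNNEL_NETS))
        print(name, "192.168.1.2 via",
              pick_interface("192.168.1.2", build_routes(lan)))
```

Comparing a real "route print" taken before and during the connection against the configured split-tunnel networks is the same check done by hand.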
Moderator
zanyterp
Posts: 2,306
Registered: ‎11-19-2007
0

Re: iPad Junos Pulse routing issue

Which SA port: internal or external? If external, can you add a route on the internal port to send that traffic to the external port subnet out the internal interface?

Can you tracert from the iPad (I have seen free tools to do this on the app store) and confirm the first hop is your SA as expected?

Does tracert work on the system (Maintenance>Troubleshooting>Tools>Commands) to the failing IP?

Does this work on non-mobile devices?

When you do a TCP dump on the traffic, either on the SA or the device you are connecting to, what do you see?
