04-21-2017 12:10 AM
I have a setup of Juniper SSG140 unit that acts as DHCP server and PulseSecure device within the same subnet.
The PulseSecure device is configured to use SSG-140 as DHCP server, but it does not receive an IP addresses.
Since the Pulse Secure configuration is correct and verified with support specialist, i am trying to narrow down as of why Juniper SSG unit is not passing the IP via DHCP.
Any suggestions ?
04-21-2017 01:34 AM
1: Have you checked your DHCP config on the device?
2: If configuration is good then please check 'get event' if there is any error etc.
3: You can also try debuggin the DHCP with the flow basic, snoop and the dhcp debug
take the flow basic and the snoop along with the 'debug dhcp server"
4: BTW, where is it failing in the DORA process?
04-21-2017 03:08 AM
1. Configuration is correct ( DHCP serves workstations properly )
2. Nothing showed under Reports -> System Log -> Event.
3. Is that via the CLI ?
4. Attached is the screenshot of what PulseSecure device do (as it has to get the DHCP lease from SSG unit and pass it to Desktop client)
04-22-2017 02:39 AM
1: Get event is same a events from GUI.
2: Have checked the debug flow basic (https://kb.juniper.net/InfoCenter/index?page=content&id=KB12208) , snoop (https://kb.juniper.net/InfoCenter/index?page=content&id=KB5411&actp=METADATA) and debug dhcp server during the issues time. Tuen on all these three debugs, reproduce the issue, stop all the debugs, snoop and check the 'get db st" .
04-22-2017 06:46 AM
Can you confirm the Pulse Secure DHCP forwarding profile:
Resource profiles > VPN tunneling > Connection profiles
And confirm that this is assigned to the appropriate roles.
And that the role is configured to allow tunneling on the general tab with the specific options desired on the vpn tunneling tab
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6 ACE PanOS 7