ScreenOS Firewalls (NOT SRX)
Showing results for 
Search instead for 
Do you mean 
Reply
New User
Posts: 2
Registered: ‎04-21-2017
0 Kudos

DHCP not passing IPs

Hello,

 

I have a setup of Juniper SSG140 unit that acts as DHCP server and PulseSecure device within the same subnet.

The PulseSecure device is configured to use SSG-140 as DHCP server, but it does not receive an IP addresses.

Since the Pulse Secure configuration is correct and verified with support specialist, i am trying to narrow down as of why Juniper SSG unit is not passing the IP via DHCP.

 

Any suggestions ? 

 

 

Highlighted
Trusted Contributor
Posts: 121
Registered: ‎03-31-2016
0 Kudos

Re: DHCP not passing IPs

Hi,

 

1: Have you checked your DHCP config on the device?

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB4243&actp=METADATA

 

2: If configuration is good then please check 'get event' if there is any error etc.

 

3: You can also try debuggin the DHCP with the flow basic, snoop and the dhcp debug

    take the flow basic and the snoop along with the 'debug dhcp server"

 

4: BTW, where is it failing in the DORA process?

 

Thanks,

Vikas

 

New User
Posts: 2
Registered: ‎04-21-2017
0 Kudos

Re: DHCP not passing IPs

1. Configuration is correct ( DHCP serves workstations properly ) 

2. Nothing showed under Reports -> System Log -> Event.

3. Is that via the CLI ?

4. Attached is the screenshot of what PulseSecure device do (as it has to get the DHCP lease from SSG unit and pass it to Desktop client)

 

Thanks.

Trusted Contributor
Posts: 121
Registered: ‎03-31-2016
0 Kudos

Re: DHCP not passing IPs

Hi,

 

1: Get event is same a events from GUI.

2: Have checked the debug flow basic (https://kb.juniper.net/InfoCenter/index?page=content&id=KB12208) , snoop (https://kb.juniper.net/InfoCenter/index?page=content&id=KB5411&actp=METADATA) and debug dhcp server during the issues time. Tuen on all these three debugs, reproduce the issue, stop all the debugs, snoop and check the 'get db st" .

 

Thanks,

Vikas

Distinguished Expert
Posts: 4,785
Registered: ‎03-30-2009
0 Kudos

Re: DHCP not passing IPs

Can you confirm the Pulse Secure DHCP forwarding profile:

 

Resource profiles > VPN tunneling > Connection profiles

 

And confirm that this is assigned to the appropriate roles.

 

And that the role is configured to allow tunneling on the general tab with the specific options desired on the vpn tunneling tab

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home