fresnillo
asked on
Juniper Network Connect block access to LAN
I'm using Juniper Network Connect, and the connection to the VPN is good, but it automatically adds routes to send all traffic through the Network Connect adapter. This affects the connection to my LAN, so when I use the VPN I'm not able to connect to other computers or servers on my LAN.
I read about changing the metric on the Network Connect adapter, but I'm not able to see it in the Windows Network Connections window. The OS is Windows XP SP3.
Thanks in advance.
You can configure split tunneling under NC options for the user roles on the Juniper SA to solve this problem.
ASKER
Sorry, I didn't explain all the details.
The VPN is used to provide support services to my company's client, but when I connect to do that, I lose all other connections to the Internet, email and internal applications.
Of course, I'm not able to modify the VPN policies; that's why I'm looking for another option.
Usually that is intentionally set by the remote IT folks. Only if they are not capable of changing the split tunneling setting in the SA should you think about circumventing it:
Create two less general routes for default gateway:
route add -p 0.0.0.0 mask 128.0.0.0 «yourgatewayhere»
route add -p 128.0.0.0 mask 128.0.0.0 «yourgatewayhere»
That should allow Internet traffic again, if Network Connect is not intercepting the traffic via a filter driver (didn't test that - we do have split tunneling only to our clients).
The above can only help with the Internet issue. You might need to use a similar approach for your LAN.
Modifying the local routing table will only work if "route monitoring" is not enabled on the SA side. If it is enabled (most likely), Network Connect will disconnect the session once you modify the routing table. Really the only way around the "policy" would be to have a conversation with the SA admin to make an exception for you if deemed necessary.
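Why the two half-range routes posted above take precedence over the VPN default route, and how a routing-table comparison would notice them, as an added example that is not part of the thread. The gateway addresses and tables are constructed, and the comparison logic is an assumption for illustration, not Juniper's route monitoring implementation.

```python
import ipaddress

# Constructed routing tables: (destination network, gateway, metric).
# 10.99.0.1 stands in for the Network Connect adapter and 192.168.1.1 for the
# local gateway; both addresses are made up for this example.
VPN_GW, LAN_GW = "10.99.0.1", "192.168.1.1"
BASELINE = [
    ("0.0.0.0/0", VPN_GW, 1),       # default route installed by the VPN client
    ("0.0.0.0/0", LAN_GW, 20),      # original default route, now less preferred
    ("10.99.0.0/24", VPN_GW, 1),    # tunnel subnet
]
MODIFIED = BASELINE + [
    ("0.0.0.0/1", LAN_GW, 1),       # the two "less general" routes from the thread
    ("128.0.0.0/1", LAN_GW, 1),
]

def next_hop(table, dest):
    """Select a gateway as an IP stack does: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(n), gw, m) for n, gw, m in table
               if addr in ipaddress.ip_network(n)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def route_drift(baseline, current):
    """Routes added and removed since the snapshot taken when the tunnel came up."""
    before, after = set(baseline), set(current)
    return sorted(after - before), sorted(before - after)

def bypass_routes(current, tunnel_gw):
    """Non-tunnel routes that are strictly more specific than a tunnel route."""
    nets = [(ipaddress.ip_network(n), gw) for n, gw, _ in current]
    tunnel = [n for n, gw in nets if gw == tunnel_gw]
    return sorted(str(n) for n, gw in nets if gw != tunnel_gw
                  and any(n != t and n.subnet_of(t) for t in tunnel))

if __name__ == "__main__":
    for name, table in (("baseline", BASELINE), ("modified", MODIFIED)):
        print(name, "8.8.8.8 ->", next_hop(table, "8.8.8.8"))
    print("added/removed:", route_drift(BASELINE, MODIFIED))
    print("bypass routes:", bypass_routes(MODIFIED, VPN_GW))
```

The metric never comes into play for the added routes: a /1 prefix is longer than the /0 default, so it wins regardless of metric, which is why changing the adapter metric alone would not have the same effect.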
ASKER
Yes, I have already tried changing the routes manually, but Network Connect detects that and drops the connection.
It's strange, but I have a laptop with Windows 7 Pro, using the same version of Network Connect. On that laptop I'm able to work with the LAN when I use a wireless connection; if I use a wired connection it doesn't work. It is as if, when connected by wireless, it ignores the routes assigned by Network Connect.
I tried the same on WinXP, adding a wireless card, but in this case Network Connect affects both connections.
I suppose the Win7 behavior is a bug that in this case helps me, but I'm looking to make it work on WinXP.
ASKER
I used Virtual PC to be able to do that