Solved

Juniper Network Connect block access to LAN

Posted on 2011-03-01
8
2,875 Views
Last Modified: 2012-08-14
I´m using Juniper Network Connect, and connection to VPN is good, but it adds automaticaly routes to manage all trafic through Network Connect Adapter. It affects the connection to my LAN, so, when i use the VPN i´m not able to connect with other computers or server in my LAN.

I read about changing metric on Network COnnect Adapter, but i´m not able to see it on Network Connections Windows. SO is WIndows XP SP3

Thanks in advance.
0
Comment
Question by:fresnillo
8 Comments
 
LVL 6

Expert Comment

by:alienXeno
ID: 35014465
You can configure split tunneling  under NC options for the user roles on the Juniper SA to solve this problem.


0
 

Author Comment

by:fresnillo
ID: 35014639
Sorry, i didn´t explain all detail.

The VPN is used to support services to my company´s client, but when i connect to do that, i lose aly other connection to internet, email and internal application.

Of course, i´m not able to modify VPN policies, that´s why i´m loking for other option.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35015289
Usually that is is intentionally set by the remote IT folks. Only if they are not capable of changing the split tunneling setting in the SA you should think about circumventing it:

Create two less general routes for default gateway:
   route add -p 0.0.0.0 mask 128.0.0.0 «yourgatewayhere»
   route add -p 128.0.0.0 mask 128.0.0.0 «yourgatewayhere»

That should allow to Internet traffic again, if Network Connect is not intercepting the traffic via a filter driver (didn't test that - do have split tunneling only to our clients).
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35015296
The above can only help with the Internet issue. You might need to use a similar approach for your LAN.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 43

Expert Comment

by:JFrederick29
ID: 35016945
Modifying the local routing table will only work if "route monitoring" is not enabled on the SA side.  If it is enabled (most likely), Network Connect will disconnect the session once you modify the routing table.  Really the only way around the "policy" would be to have a conversation with the SA admin to make an exception for you if deemed necessary.
0
 

Author Comment

by:fresnillo
ID: 35018472
Yes, i have already try changing the routes manually, but Network Connect detects that and drops the connection.

It´s strange, but i have a laptop with Windows7 Pro, using the same version of Network Connect. On that laptop i´m able to work with LAN when i use wireless connection, if I use wired connection it didn´t work. As if when it´s connected by wireless it ignores routes assigned by Network Connect.

I try tha same on WinXP, adding a wireless card. but in this case, Network Connect affects both connections.

I suppose WIn7 behavior has a bug, that in this case helps me, but i´m looking to make it works on WinXP.
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
ID: 35018983
It is intentionally, so you should not try to work around it. The only "legal" approach is to use it in a Virtual Machine you then have to access via the integrated remote control tools (MS VPC: RDP, VMWare: VIX or Web Browser plug-in).
0
 

Author Closing Comment

by:fresnillo
ID: 35074768
I used Virtual PC to be able to do that
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
not output on the show arp command 5 45
Homegroup issues 6 39
Nortel Baystack 5510-48T Web GUI problems 27 44
Gateway Resilience 4 23
Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now