Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX] Traffic initiated from the Protected Resource to the Dynamic VPN Client does not pass through the Dynamic VPN tunnel using Pulse Secure Client Software

0

0

Article ID: KB21800 KB Last Updated: 12 Jun 2018Version: 4.0
Summary:

Traffic initiated from the Protected Resource to the Dynamic VPN Client does not pass through the Dynamic VPN tunnel using Pulse Secure Client Software.

Symptoms:

When trying to initiate a session from the Remote Protected Resources to the Dynamic VPN Client Side, over a Dynamic VPN setup, traffic fails.

The error message "packet dropped, cannot obtain tunnel from policy " appears on the J/SRX due to policy look up failure in this case.
 
Solution:

This behavior is as per design with the Pulse Secure client. The concept of bi-directional Dynamic VPN does not work in Junos currently with the Pulse Secure Client. Traffic sourced out from the protected resources will fail to reach the client due to an internal policy lookup failure.

Traffic initiated from the Dynamic VPN client side will not have any issues.

In short, Dynamic VPN on Junos with Pulse Secure client only allows the traffic from the Dynamic VPN clients to the Remote Protected Resource, but the vice versa is not achievable.

Modification History:
2018-06-12: Clarified reference to Dynamic VPN client as the one from Pulse Secure.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search