Knowledge Search


×
 

[SRX] Traffic initiated from the Protected Resource to the Dynamic VPN Client does not pass through the Dynamic VPN tunnel using Pulse Secure Client Software

  [KB21800] Show Article Properties


Summary:

Traffic initiated from the Protected Resource to the Dynamic VPN Client does not pass through the Dynamic VPN tunnel using Pulse Secure Client Software.

Symptoms:

When trying to initiate a session from the Remote Protected Resources to the Dynamic VPN Client Side, over a Dynamic VPN setup, traffic fails.

The error message "packet dropped, cannot obtain tunnel from policy " appears on the J/SRX due to policy look up failure in this case.
 
Solution:

This behavior is as per design with the Pulse Secure client. The concept of bi-directional Dynamic VPN does not work in Junos currently with the Pulse Secure Client. Traffic sourced out from the protected resources will fail to reach the client due to an internal policy lookup failure.

Traffic initiated from the Dynamic VPN client side will not have any issues.

In short, Dynamic VPN on Junos with Pulse Secure client only allows the traffic from the Dynamic VPN clients to the Remote Protected Resource, but the vice versa is not achievable.

Modification History:
2018-06-12: Clarified reference to Dynamic VPN client as the one from Pulse Secure.
Related Links: