Juniper Pulse Secure - Full Tunnel

We have a number of users who use the Pulse Secure VPN client to connect to a 3rd party, which is configured in Full Tunnel mode. Everything works in the Tunnel 1.0 configuration, but we are making a move to Tunnel 2.0, where it fails to function. The connection is not established fully and both Pulse Secure and ZCC go into Connecting and Connected state.

Working Scenario (current)

  • Tunnel Driver Type: Packet Filter Based
  • On Trusted Network: Tunnel, Tunnel 1.0
  • System Proxy: Never
  • VPN Trusted Network: Same as On Trusted Network
  • Off Trusted Network: Same as On Trusted Network

Non-Working Scenario (goal)

  • Tunnel Driver Type: Packet Filter Based
  • On Trusted Network: Tunnel, Tunnel 1.0
  • System Proxy: Never
  • VPN Trusted Network: Same as On Trusted Network
  • Off Trusted Network: Tunnel 2.0
  • Transport Settings: TLS
  • System Proxy: FWD PAC

The VPN destination is in the App PAC, Fwd PAC, VPN Gateway Bypass and still fails. Tried the following without success:

  • added the DNS domain of the 3rd party to the DNS search suffix so it drops down to Tunnel 1.0 - fails
  • added the DNS domain of the 3rd party to the DNS search suffix so it’s detected as VPN Trusted Network and set to None (disabled) - fails
  • tried Tunnel with Local Proxy for VPN Trusted Network - fails
  • tried DTLS transport - fails

It appears that when switching from Z-Tunnel 2.0 to 1.0, or disabling ZIA completely, it fails, and it only likes it when it remains on Z-Tunnel 1.0 throughout the connection.

Looking for suggestions.

The solution was upgrading to a newer version of Pulse Secure client which is supported via Z-Tunnel 2.0.

Hi @Raj909 ,

Would you happen to know which PS client version supported Z-Tunnel 2.0? Our customer has some issues with PS VPN as well, and it seems the normal VPN Gateway Bypass is not working.

Thanks,

We had to upgrade to 9.1R13.1 which resolved the issues for us on Tunnel 2.0.