When all IP addresses are configured as the remote protected resource (“remote-protected-resource 0.0.0.0/0”), the Dynamic VPN does not work. Any traffic to the remote-protected-resource is not encrypted.
When the VPN is established, the client software (Access Manager/Junos Pulse) injects and changes routes in the routing table of the client OS according to the Dynamic VPN configuration.
The following output is the routing table when the VPN is established.
C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x210003 ...00 0c 29 6e f3 57 ...... VMware Accelerated AMD PCNet Adapter - Juniper WX Filter Miniport
0x230004 ...02 05 85 7f eb 80 ...... Juniper Networks Virtual Adapter - Juniper WX Filter Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway        Interface  Metric
          0.0.0.0          0.0.0.0  192.168.123.254   192.168.123.11      11   <= Original default gateway
          0.0.0.0          0.0.0.0   192.168.126.26   192.168.126.26       1   <= New route to remote protected resource installed by the client software
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
(snipped)
  255.255.255.255  255.255.255.255   192.168.126.26   192.168.126.26       1
Default Gateway:    192.168.126.26   <= New default gateway
===========================================================================
Persistent Routes:
  None
If 0.0.0.0/0 is configured as a remote-protected resource, the client software tries to inject the route “0.0.0.0/0” with the address of the virtual adapter as the gateway.
However, the client software installs 0.0.0.0/32 instead, so all traffic matches the original default gateway route and is not directed to the virtual adapter. As a result, all traffic is not encrypted and is dropped.
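The following check is an added example, not part of the original article or of Juniper's software. It parses "Active Routes" rows from route print output and applies longest-prefix, then lowest-metric selection to show which interface a destination would use. The 0.0.0.0/32 row, the destination 10.10.10.5, and all function names are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: "Active Routes" rows as the affected client leaves them.
# Addresses reuse the output above; the 0.0.0.0/32 row is reconstructed from
# the description and is an assumption, not captured output.
BUGGY = """\
0.0.0.0    0.0.0.0          192.168.123.254  192.168.123.11  11
0.0.0.0    255.255.255.255  192.168.126.26   192.168.126.26  1
127.0.0.0  255.0.0.0        127.0.0.1        127.0.0.1       1
"""
# Constructed sample: the table the configuration intends (0.0.0.0/0 via the adapter).
INTENDED = """\
0.0.0.0  0.0.0.0  192.168.123.254  192.168.123.11  11
0.0.0.0  0.0.0.0  192.168.126.26   192.168.126.26  1
"""
QUAD = r"((?:\d{1,3}\.){3}\d{1,3})"
ROW = re.compile(rf"^\s*{QUAD}\s+{QUAD}\s+{QUAD}\s+{QUAD}\s+(\d+)")

def parse_routes(text):
    """Return (network, gateway, interface, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            dest, mask, gw, iface, metric = m.groups()
            net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
            routes.append((net, gw, iface, int(metric)))
    return routes

def select_route(routes, dst):
    """Longest prefix wins; equal prefixes are decided by lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]), default=None)

def uses_tunnel(table, dst, tunnel_iface="192.168.126.26"):
    """True if traffic to dst leaves through the virtual adapter."""
    route = select_route(parse_routes(table), dst)
    return route is not None and route[2] == tunnel_iface

if __name__ == "__main__":
    # 10.10.10.5 is a constructed destination behind the VPN.
    for name, table in (("buggy", BUGGY), ("intended", INTENDED)):
        print(name, uses_tunnel(table, "10.10.10.5"))
```

Running the same check against real route print output after the VPN connects confirms whether the default route actually points at the virtual adapter.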
Both the Access Manager client and Junos Pulse client have this problem:
Access Manager: All releases
Junos Pulse: Any release before 1.0R2
The problem is fixed in Junos Pulse 1.0R2.
If you run into this issue on Junos Pulse, upgrade to 1.0R2 or later.
If you use Access Manager, migrate to Junos Pulse 1.0R2 or later.