Hello, I am struggling to get Juniper Secure Connect VPN working. The remote user is able to establish the session with the Juniper Secure Connect client on Windows, but I cannot get them to reach any resource in the LAN network (Test94_zone). I am stuck right now, so any help is appreciated. Thanks!
# Web management (HTTPS) presents the "JSC" local PKI certificate; the same
# certificate is used by the SSL termination profile the VPN gateway references.
set system services web-management https pki-local-certificate JSC
# SSL termination profile bound to a self-signed certificate. In this listing it is
# referenced only by tcp-encap profile SSL-JSC-profile, which no IKE gateway uses,
# so it looks like a leftover from an earlier attempt.
set services ssl termination profile SSL-JSC-term server-certificate self-signed01
# SSL termination profile used by tcp-encap profile SSL-VPN-RA-JSC (the one the
# gateway is bound to). NOTE(review): if "JSC" is not trusted by the Windows
# endpoints, the client will warn on the SSL fallback path — confirm.
set services ssl termination profile RA-JSC-term server-certificate JSC
# System-wide default access profile; the same profile is referenced explicitly
# by the IKE gateway (aaa access-profile) and by the remote-access profile.
set access-profile RA-JSC-Access
# --- IKE (phase 1) ---
# Proposal: pre-shared-key authentication, DH group 19 (P-256), SHA-256, AES-256-CBC.
set security ike proposal RA-JSC-VPN-pro authentication-method pre-shared-keys
set security ike proposal RA-JSC-VPN-pro dh-group group19
set security ike proposal RA-JSC-VPN-pro authentication-algorithm sha-256
set security ike proposal RA-JSC-VPN-pro encryption-algorithm aes-256-cbc
# Aggressive mode: IKEv1 dynamic peers that authenticate with a PSK need it (main
# mode selects the PSK by peer IP, which a roaming client does not have). The cost
# is that the IKE identity and the PSK-derived hash are sent unprotected, so anyone
# who captures a handshake can run an offline guess against the PSK. Keep the PSK
# long and random; the per-user XAuth credentials are the real secret here.
# IKEv2 (with EAP) would remove this exposure once basic connectivity works.
set security ike policy RA-JSC-VPN-pol mode aggressive
set security ike policy RA-JSC-VPN-pol proposals RA-JSC-VPN-pro
# NOTE(review): "$9$" is Junos reversible obfuscation, not encryption — the PSK can
# be recovered from this string. It has been posted publicly, so rotate it.
set security ike policy RA-JSC-VPN-pol pre-shared-key ascii-text "$9$EIoSeM7Nbw24ZU3/CuIRSrlvX7NdbY4a-d"
set security ike gateway RA-JSC-VPN-gate ike-policy RA-JSC-VPN-pol
# Dynamic peer: every client presents the same IKE identity below and the same
# PSK (shared-ike-id); individual users are only told apart by the XAuth login
# against the access profile referenced a few lines down.
set security ike gateway RA-JSC-VPN-gate dynamic user-at-hostname "system@example.com"
set security ike gateway RA-JSC-VPN-gate dynamic ike-user-type shared-ike-id
# Dead-peer detection: optimized mode, probe every 10 s, 5 misses = peer down.
set security ike gateway RA-JSC-VPN-gate dead-peer-detection optimized
set security ike gateway RA-JSC-VPN-gate dead-peer-detection interval 10
set security ike gateway RA-JSC-VPN-gate dead-peer-detection threshold 5
# Listening interface (in zone Pub-VPN-External) and address. "x.x.x.x" is a
# redacted placeholder in this listing.
set security ike gateway RA-JSC-VPN-gate external-interface reth2.2702
set security ike gateway RA-JSC-VPN-gate local-address x.x.x.x
# XAuth users are authenticated against RA-JSC-Access, which in this listing holds
# a single local firewall-user; the LDAP profile (RA-JSC-profile) is not used here.
set security ike gateway RA-JSC-VPN-gate aaa access-profile RA-JSC-Access
set security ike gateway RA-JSC-VPN-gate version v1-only
# TCP/SSL encapsulation fallback for clients behind networks that block UDP 500/4500.
set security ike gateway RA-JSC-VPN-gate tcp-encap-profile SSL-VPN-RA-JSC
# --- IPsec (phase 2) ---
# ESP with AES-256-GCM; GCM is an AEAD cipher, so no separate
# authentication-algorithm is needed (and none is configured).
set security ipsec proposal RA-JSC-VPN-pro protocol esp
set security ipsec proposal RA-JSC-VPN-pro encryption-algorithm aes-256-gcm
# Perfect forward secrecy with group 19 on every phase-2 rekey.
set security ipsec policy RA-JSC-VPN-pol perfect-forward-secrecy keys group19
set security ipsec policy RA-JSC-VPN-pol proposals RA-JSC-VPN-pro
# Route-based VPN on st0.0. NOTE(review): the interface definition itself
# ("set interfaces st0 unit 0 family inet") is not in this listing; if st0.0 has no
# family inet, the tunnel comes up but no traffic is forwarded — confirm it exists.
# Useful checks: "show interfaces st0.0 terse", "show security ipsec
# security-associations", "show security flow session source-prefix 172.16.96.0/24".
set security ipsec vpn RA-JSC-VPN bind-interface st0.0
# Clear DF on outer packets so oversized packets are fragmented rather than dropped.
set security ipsec vpn RA-JSC-VPN df-bit clear
set security ipsec vpn RA-JSC-VPN ike gateway RA-JSC-VPN-gate
set security ipsec vpn RA-JSC-VPN ike ipsec-policy RA-JSC-VPN-pol
# Full-tunnel traffic selector: any local to any remote address. All client
# traffic, including Internet-bound traffic, is steered through the SRX.
set security ipsec vpn RA-JSC-VPN traffic-selector ts-1 local-ip 0.0.0.0/0
set security ipsec vpn RA-JSC-VPN traffic-selector ts-1 remote-ip 0.0.0.0/0
# --- Juniper Secure Connect remote-access profile ---
# Ties together the IPsec VPN, the access profile used for user authentication and
# address assignment, and the client-side settings pushed to the Windows client.
set security remote-access profile RA-JSC-VPN-pro ipsec-vpn RA-JSC-VPN
set security remote-access profile RA-JSC-VPN-pro access-profile RA-JSC-Access
set security remote-access profile RA-JSC-VPN-pro client-config RA-JSC-VPN-client
# manual: the user starts the tunnel from the client rather than it connecting
# automatically.
set security remote-access client-config RA-JSC-VPN-client connection-mode manual
# Client-side DPD: probe every 60 s, 5 misses (the gateway side probes every 10 s).
set security remote-access client-config RA-JSC-VPN-client dead-peer-detection interval 60
set security remote-access client-config RA-JSC-VPN-client dead-peer-detection threshold 5
# Default profile: clients that connect without naming a specific realm land here.
set security remote-access default-profile RA-JSC-VPN-pro
# Source NAT for VPN clients entering the LAN: client addresses are rewritten to
# the address of the egress interface (reth2.94 in Test94_zone).
# NOTE(review): this rule-set appears a second time, verbatim, at the end of the
# listing; duplicate set statements are harmless but keep only one copy.
# Security-ops caveat: with this NAT every VPN user appears to LAN hosts as the
# SRX itself, so LAN-side logs and host firewalls cannot attribute traffic to a
# user. If LAN hosts can route 172.16.96.0/24 back to the SRX, the rule-set is
# not needed for connectivity.
set security nat source rule-set RA-JSC-VPN-src from zone C2S-Secure-Connect
set security nat source rule-set RA-JSC-VPN-src to zone Test94_zone
set security nat source rule-set RA-JSC-VPN-src rule RA-JSC-VPN-rule match source-address 0.0.0.0/0
set security nat source rule-set RA-JSC-VPN-src rule RA-JSC-VPN-rule then source-nat interface
# --- Security policies involving the VPN zone ---
# LAN -> VPN clients: any source, any destination, any application, permit.
# This lets any LAN host initiate connections to connected VPN clients. Sessions
# opened from the client side are matched by the reverse policy below, so if
# LAN-initiated access to clients is not a requirement this policy can be
# narrowed or removed.
set security policies from-zone Test94_zone to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 match source-address any
set security policies from-zone Test94_zone to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 match destination-address any
set security policies from-zone Test94_zone to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 match application any
set security policies from-zone Test94_zone to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 then permit
# VPN clients -> LAN: any/any/any permit. This is the path the question is about,
# and the policy itself is wide enough that it is not the blocker. For least
# privilege, limit destination-address and application to the resources users
# need, and add "then log session-init session-close" so access is auditable.
set security policies from-zone C2S-Secure-Connect to-zone Test94_zone policy RA-JSC-VPN-2 match source-address any
set security policies from-zone C2S-Secure-Connect to-zone Test94_zone policy RA-JSC-VPN-2 match destination-address any
set security policies from-zone C2S-Secure-Connect to-zone Test94_zone policy RA-JSC-VPN-2 match application any
set security policies from-zone C2S-Secure-Connect to-zone Test94_zone policy RA-JSC-VPN-2 then permit
# SRX itself -> VPN clients: any/any/any permit, logged on session close.
set security policies from-zone junos-host to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 match source-address any
set security policies from-zone junos-host to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 match destination-address any
set security policies from-zone junos-host to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 match application any
set security policies from-zone junos-host to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 then permit
set security policies from-zone junos-host to-zone C2S-Secure-Connect policy RA-JSC-VPN-1 then log session-close
# VPN clients -> SRX itself (junos-host): any/any/any permit, logged on close.
# Together with "host-inbound-traffic system-services all" on the
# C2S-Secure-Connect zone, every authenticated VPN user can reach every
# management service the firewall runs (SSH, HTTPS, NETCONF, ...). Restrict this
# to what clients actually need (typically ping, possibly dns) and manage the
# box from a dedicated management path instead.
set security policies from-zone C2S-Secure-Connect to-zone junos-host policy RA-JSC-VPN-2 match source-address any
set security policies from-zone C2S-Secure-Connect to-zone junos-host policy RA-JSC-VPN-2 match destination-address any
set security policies from-zone C2S-Secure-Connect to-zone junos-host policy RA-JSC-VPN-2 match application any
set security policies from-zone C2S-Secure-Connect to-zone junos-host policy RA-JSC-VPN-2 then permit
set security policies from-zone C2S-Secure-Connect to-zone junos-host policy RA-JSC-VPN-2 then log session-close
# TCP-encapsulation profile SSL-JSC-profile (logging enabled) is not referenced by
# any IKE gateway in this listing — it and SSL-JSC-term look like leftovers.
set security tcp-encap profile SSL-JSC-profile ssl-profile SSL-JSC-term
set security tcp-encap profile SSL-JSC-profile log
# Profile actually bound to the gateway (RA-JSC-VPN-gate tcp-encap-profile). It has
# no "log" statement, so SSL-fallback connections are not logged; consider adding
# "set security tcp-encap profile SSL-VPN-RA-JSC log" for visibility.
set security tcp-encap profile SSL-VPN-RA-JSC ssl-profile RA-JSC-term
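# LDAP-backed access profile. NOTE(review): nothing in this listing references
# RA-JSC-profile — the IKE gateway and the remote-access profile both use
# RA-JSC-Access (a single local user) — so LDAP is not in the authentication path.
# Fixed here: both pool references were "RA-JSC-pool-01" (lower-case "p"), but the
# only pool defined in this configuration is "RA-JSC-Pool-01"; Junos identifiers
# are case-sensitive, so the original pointed at a pool that does not exist.
# (If a pool literally named RA-JSC-pool-01 exists elsewhere, keep the original.)
set access profile RA-JSC-profile address-assignment pool RA-JSC-Pool-01
set access profile RA-JSC-profile ldap-options base-distinguished-name DC=example,DC=local
# Search-filter prefix; the user's login name is expected to complete it so users
# are looked up by sAMAccountName.
set access profile RA-JSC-profile ldap-options search search-filter sAMAccountName=
# Bind (service) account used for the user search.
set access profile RA-JSC-profile ldap-options search admin-search distinguished-name "CN=LDAP Bind,OU=Service Accounts,DC=example,DC=local"
# NOTE(review): "$9$" is reversible obfuscation, not encryption. This bind password
# has been posted publicly; rotate it.
set access profile RA-JSC-profile ldap-options search admin-search password "$9$hK4SM8bwgaJUuOrKM8-dUjHqTzAp0cye0BXN-VoaUDiHP5ApOSyK"
# Maps members of the SysAdmin-VPNAccess group to the address pool. Confirm that
# users outside this group are actually rejected rather than assigned from the
# profile-level pool above.
set access profile RA-JSC-profile ldap-options allowed-groups SysAdmin-VPNAccess address-assignment pool RA-JSC-Pool-01
# NOTE(review): no port or TLS option is configured for the LDAP server, so the
# bind credentials and the user passwords presumably cross the LAN in clear text
# — check whether this Junos release supports LDAPS/StartTLS for access profiles.
set access profile RA-JSC-profile ldap-server 172.16.64.1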
# Access profile actually used by the gateway and the remote-access profile: one
# local firewall-user ("channdy"). NOTE(review): the "$9$" password is reversible
# obfuscation and has been posted publicly — change it. If this local account is
# only for testing, switch the gateway to the LDAP profile once it works.
set access profile RA-JSC-Access client channdy firewall-user password "$9$ltHKLxNds2gJYgTz69B1NdbwaU"
set access profile RA-JSC-Access address-assignment pool RA-JSC-Pool-01
# Address pool handed to VPN clients: 172.16.96.100-150 out of 172.16.96.0/24.
# This is the source prefix to look for in "show security flow session" when
# debugging client-to-LAN traffic.
set access address-assignment pool RA-JSC-Pool-01 family inet network 172.16.96.0/24
set access address-assignment pool RA-JSC-Pool-01 family inet range JSC-Range low 172.16.96.100
set access address-assignment pool RA-JSC-Pool-01 family inet range JSC-Range high 172.16.96.150
# NOTE(review): clients are given a public resolver, so internal host names in
# Test94_zone will not resolve over the tunnel — presumably unintended for a
# full-tunnel setup; point this at the internal DNS if LAN names are needed.
set access address-assignment pool RA-JSC-Pool-01 family inet xauth-attributes primary-dns 8.8.8.8/32
# Default profile for captive-portal (web) firewall authentication. Not part of the
# VPN path; it only matters if web-authentication is used on some interface.
set access firewall-authentication web-authentication default-profile RA-JSC-Access
# VPN zone holding the tunnel interface. "system-services all" lets VPN users talk
# to every service the SRX runs on st0.0; combined with the any/any policy to
# junos-host this exposes the management plane to every authenticated client.
# A remote-access zone normally needs no more than "ping" (and "dns" if the SRX
# acts as resolver) — confirm what is really required and list only that.
set security zones security-zone C2S-Secure-Connect host-inbound-traffic system-services all
set security zones security-zone C2S-Secure-Connect interfaces st0.0
# LAN zone. NOTE(review): "all" makes the separate dhcp and ping entries redundant
# and opens every management service on reth2.94; prefer an explicit list.
set security zones security-zone Test94_zone host-inbound-traffic system-services dhcp
set security zones security-zone Test94_zone host-inbound-traffic system-services ping
set security zones security-zone Test94_zone host-inbound-traffic system-services all
set security zones security-zone Test94_zone interfaces reth2.94
# Internet-facing zone for the VPN: only HTTPS (web-management, presumably also the
# Secure Connect client download), tcp-encap (SSL fallback) and IKE are accepted.
# This is appropriately minimal; keep it that way.
set security zones security-zone Pub-VPN-External host-inbound-traffic system-services https
set security zones security-zone Pub-VPN-External host-inbound-traffic system-services tcp-encap
set security zones security-zone Pub-VPN-External host-inbound-traffic system-services ike
set security zones security-zone Pub-VPN-External interfaces reth2.2702
# Outbound interface NAT for the two LAN zones toward WAN. Unrelated to the VPN
# problem, shown for completeness.
set security nat source rule-set Test94_zone-to-WAN from zone Test94_zone
set security nat source rule-set Test94_zone-to-WAN to zone WAN
set security nat source rule-set Test94_zone-to-WAN rule 1 match source-address 0.0.0.0/0
set security nat source rule-set Test94_zone-to-WAN rule 1 then source-nat interface
set security nat source rule-set test-vlan95-to-wan-untrust from zone Test95_zone
set security nat source rule-set test-vlan95-to-wan-untrust to zone WAN
set security nat source rule-set test-vlan95-to-wan-untrust rule 2 match source-address 0.0.0.0/0
set security nat source rule-set test-vlan95-to-wan-untrust rule 2 then source-nat interface
# Interface NAT for VPN clients' Internet traffic — needed because the traffic
# selector is a full tunnel (0.0.0.0/0). NOTE(review): the matching security policy
# from-zone C2S-Secure-Connect to-zone WAN is not in this listing; without it,
# client Internet access through the tunnel will be dropped.
set security nat source rule-set C2S-VPN-Internet from zone C2S-Secure-Connect
set security nat source rule-set C2S-VPN-Internet to zone WAN
set security nat source rule-set C2S-VPN-Internet rule 3 match source-address 0.0.0.0/0
set security nat source rule-set C2S-VPN-Internet rule 3 then source-nat interface
# Verbatim duplicate of the RA-JSC-VPN-src rule-set that appears earlier in the
# listing (VPN clients -> LAN, interface NAT). Duplicate set statements are
# idempotent, so this is harmless, but keep a single copy to avoid confusion.
set security nat source rule-set RA-JSC-VPN-src from zone C2S-Secure-Connect
set security nat source rule-set RA-JSC-VPN-src to zone Test94_zone
set security nat source rule-set RA-JSC-VPN-src rule RA-JSC-VPN-rule match source-address 0.0.0.0/0
set security nat source rule-set RA-JSC-VPN-src rule RA-JSC-VPN-rule then source-nat interface