0

I am using the Juniper Network Connect software VPN client (v7.1) to connect to my company's network. I have to present a client certificate and additionally enter username/password to connect - a painful process that I keep repeating many times throughout my work day. Juniper does not provide a way to automate this process. There are some command line clients but they won't work with client certificates. Split tunneling is not allowed with my company's VPN.

So I was wondering if there is a hardware device that would support this kind of VPN setup and act as a gateway to which I would redirect my network traffic when I need VPN. I am not familiar with Juniper hardware and googling on this does not bring me any further.

Thanks!

user186289
    Talk to your admin, the site isn't meant for people to come in and figure out ways to get around or undo the tech that is put in place for users. – DanBig Aug 20 '13 at 12:08

3 Answers

3

The level of security is high because it allows access to your remote network. If it was automated then it wouldn't be a security measure. Don't try to circumvent it, go see your admin and talk about whether that level is appropriate.

JamesRyan
  • 2
    I highly appreciate all your suggestions. Thanks for answering. I work for a large company where talking to network administrators is not possible. Installing this kind of device at my work place would not increase security risk, but would hugely ease my work. So the question still stands. – user186289 Aug 20 '13 at 14:37
  • 2
    Well company policy is usually set by the person who is qualified to assess the risk. Circumventing it can be a fireable offence. – JamesRyan Aug 20 '13 at 16:17
0

NetworkConnect is a software SSL VPN. I am not aware of any hardware that would connect to one, it is a software-only solution.

If you only need access to the VPN some of the time, you could make yourself a VM, connect that to the VPN, and do non-VPN-related things in your real system. I use this technique for connecting to multiple clients with VPNs -- I have a VM for each customer, and this lets me connect to multiple sites at the same time.

David Mackintosh
0

The Network Connect client is prompting you with the cert most likely because it isn't trusted and the IT dept there just used a self-signed cert instead of a valid 3rd party cert when setting up the certificates on the interfaces on the Juniper SA appliance.

The IT dept can do (and should do) two things to help you and everyone else out:

  1. Use a VALID 3rd party cert for the SSL VPN to use with a proper FQDN. The same holds true IF they require client-side certs, but typically this isn't set up, and if it were here they would be using valid certs to begin with, I would presume.
  2. They can go into the SA admin portal and configure session timeouts for users, down to the user themselves if they so wish, but typically it is done globally or through one of the connection profiles. Change from the current setting, possibly 1 hour, to something like 4 or 8 hours.

This should help.

TheCleaner
  • Thanks for answering. As I already noted, in this kind of large company it is virtually impossible to reach the network administering staff. – user186289 Aug 23 '13 at 11:40