I'm not familiar with the Juniper VPN client so excuse me if this is a silly question.
What type of VPN is it, SSL or IPsec?
If it's SSL you would need to allow HTTPS both ways.
OK, managed to move a little closer to sorting the issue.
Now have the following:
Allow loopback - (Allow - Either)
Allow McAfee signed Apps - (Allow - Either)
Allow 802.1X Authentication - (Allow - Either)
Allow DNS - (Allow - Out)
Web Access - Timed group
Allow HTTP / HTTPS - (Allow - Out)
Allow IPsec ESP - (Allow - Either)
Allow IKE - (Allow - In)
Allow GRE - (Allow - Either)
Allow IKE Outbound - (Allow - Out)
CAG - CorpNetwork (based on default gateway and dns suffix)
CAG - VPN (based on if ePO is contactable)
This now works apart from the timed group (web access part). I start the timer, can establish a VPN tunnel, connect into the corp network, etc., all good until the time period expires and I lose all web traffic. Is there a way I can fix this? I was hoping having the allow all rule in both CAGs would stop this, but it doesn't.