Somehow, we got my company’s
Cisco Juniper VPN to work on my Mac (we just needed to create an appropriate policy for Macs, not that complicated). [Edit: I got the brand wrong, sorry!]
But while I was able to connect from the company’s internal network (as a test, as it’s obviously not very useful), I didn’t manage to connect from outside. My company Windows machine could, but not my Mac.
I’ve finally tracked down the cause (after a lot of irrelevant debugging attempts, investigating our firewall and doing various DNS lookups): actually, Network Connect writes to /private/etc/hosts and hard-codes there the IP address of the VPN machine, after you successfully connect. And of course, after I’d connected (as a test) to the VPN over the internal network, the IP address it wrote there was the internal IP. This subsequently prevented it from connecting over a public network.
This is a bit of a note to self, in case I run into this problem again and forget the fix. (Of course it would be nice if the Cisco software didn’t do such a dirty thing in the first place, or at least cleaned up after itself, but that might be a lot to ask for.)