[j-nsp] WebVPN Problem / SRX

Paul Stewart paul at paulstewart.org
Tue May 25 13:14:07 EDT 2010


Anyone on here set up WebVPN on a Juniper SRX?  I've had a JTAC ticket running
for quite a while and they haven't been able to figure out why we can't
connect.  According to the logs the username is getting authenticated and
then the session drops for some reason. I'm about 6-7 hours on the phone
with JTAC so far - hoping someone has some ideas ;)

 

Thanks ;)

 

 

SRX210 running 10.0R3.10

 

/* Local firewall-user credentials and the profile web-authentication uses. */
access {

    profile user-auth-profile {

        /* Single locally defined user; the same profile is referenced by the IKE gateway (xauth) and by dynamic-vpn below. */
        client leo {

            firewall-user {

                /* "## SECRET-DATA" is the CLI's redaction tag on displayed output, not part of the value. */
                password "xxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA

            }

        }

    }

    firewall-authentication {

        /* Web-based (HTTPS) authentication falls back to this profile when no policy names one. */
        web-authentication {

            default-profile user-auth-profile;

        }

    }

}

 

 

/* IKE/IPsec, zone host-inbound services and the dynamic-vpn client definition for the remote-access VPN. */
security {

    ike {

        /* Diagnostic only: "flag all" is very verbose and presumably left on for the JTAC case; turn it off once troubleshooting is done. */
        traceoptions {

            flag all;

        }

        /* Phase 1: pre-shared key, DH group 5, SHA-256 integrity, AES-256-CBC. */
        proposal phase1-prop {

            authentication-method pre-shared-keys;

            dh-group group5;

            authentication-algorithm sha-256;

            encryption-algorithm aes-256-cbc;

        }

        policy ike-pol {

            /* NOTE(review): aggressive mode does not protect the peer identity exchange the way main mode does,
               so the pre-shared key should be long and random. Dynamic-hostname peers may require aggressive
               mode on this platform/release - confirm against the Junos docs before changing it. */
            mode aggressive;

            proposals phase1-prop;

            pre-shared-key ascii-text "xxxxxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA

        }

        /* Remote peer has no fixed address; it is identified by the hostname "leo" and terminates on the untrust interface. */
        gateway leo {

            ike-policy ike-pol;

            dynamic hostname leo;

            external-interface ge-0/0/0.0;

            /* XAuth user authentication against the local access profile (same profile as the web-auth default). */
            xauth access-profile user-auth-profile;

        }

    }

    ipsec {

        /* Phase 2: ESP with HMAC-SHA1-96 and AES-256-CBC. */
        proposal phase2-prop {

            protocol esp;

            authentication-algorithm hmac-sha1-96;

            encryption-algorithm aes-256-cbc;

        }

        policy ipsec-pol {

            /* NOTE(review): PFS uses group 2 here while phase 1 uses group 5; a mismatch is permitted,
               but group 2 is the weaker of the two - consider aligning them if the client supports it. */
            perfect-forward-secrecy {

                keys group2;

            }

            proposals phase2-prop;

        }

        /* Tunnel object bound to the dynamic gateway above; referenced by dynamic-vpn client "leo". */
        vpn leo {

            ike {

                gateway leo;

                ipsec-policy ipsec-pol;

            }

        }

    }

 

   zones {

        security-zone untrust {

            screen untrust-screen;

            interfaces {

                /* Services the SRX itself answers on the external interface. https and ike are needed for
                   the web/dynamic VPN; NOTE(review): dhcp, tftp, ssh, ping and snmp are also open on the
                   untrust side - confirm each is required and restrict what is not. */
                ge-0/0/0.0 {

                    host-inbound-traffic {

                        system-services {

                            dhcp;

                            tftp;

                            https;

                            ssh;

                            ping;

                            snmp;

                            ike;

                        }

                    }

                }

            }

        }

    }

 

 

    /* Dynamic VPN client definition: which user may connect, which tunnel to use and which routes the client receives. */
    dynamic-vpn {

        access-profile user-auth-profile;

        clients {

            leo {

                /* Networks the client sends through the tunnel. */
                remote-protected-resources {

                    10.1.1.0/24;

                }

                /* Everything else bypasses the tunnel (split tunnelling). */
                remote-exceptions {

                    0.0.0.0/0;

                }

                ipsec-vpn leo;

                /* Only the local user "leo" from the access profile may use this client entry. */
                user {

                    leo;

                }

            }

        }

    }

    /* NOTE(review): the security policy that permits the tunnelled traffic (tunnel ipsec-vpn leo) is not
       shown in this excerpt - verify it exists and its zone pair matches the protected resources. */
}


