[j-nsp] SRX vx IPad IOS Junos Pulse

Jonathan Lassoff jof at thejof.com
Tue Jun 28 00:01:55 EDT 2011


On Mon, Jun 27, 2011 at 6:12 PM, Ben Dale <bdale at comlinx.com.au> wrote:
> Last time I looked (which was a while ago), the iPad/iPhone version of pulse used SSL to establish the VPN Tunnel.
>
> The SRX only support Pulse over IPSEC (which the Windows client also supports).
>
> The Secure Access (now Juniper Pulse Gateway/MAGx600) appliance supports both SSL and IPSEC termination using Pulse.
>
> Confused? ; )

Indeed, I think that the iOS Pulse client only terminates on gateways
running the IVE-style SSL VPN software.

I've used both the SA-2500 and MAG2600 for terminating Pulse and
Network Connect clients (both to IVE/SSL VPN software), and both
worked just fine. As far as the software goes, it's a little bloated
(in my opinion), but it gets the job done and CPUs are fast and disk
space is cheap nowadays.

I've had some luck configuring Macintosh OS X to terminate IPSec/L2TP
on an SRX in the past, so presumably the iOS client could be coerced
into doing something similar.

>From what I hear from SEs and resellers is that the SA-2500 (maybe
other SA appliances) are being EOLed in favor of the newer MAG
appliances. They're Intel Atom boxes that can run the IVE (SSL VPN) or
UAC/NAC (802.1x, virus scanning, etc.) software set on the same
hardware.
I've found them to be a little funky in that they don't seem all that
well-suited for datacenter use. The simplest unit (MAG2600) requires
an additional tray for rack-mounting, and most seem to have one-sided
or side-to-side airflow.


More information about the juniper-nsp mailing list