[j-nsp] Juniper Remote IPSec Dynamic with xAuth - Upgrade from 12.1R3.5 to 12.1X44

Fraser McGlinn fraser at frizianz.com
Thu Dec 4 14:30:50 EST 2014


Hey Jed,

Yep sounds about right from my poking around. So from your experience do you reckon its the client causing this? My interpretation of the debug suggests its the SRX killing it. I’ve managed to get it working in Shrew with leaving the IKE life to 180 seconds on the juniper but configuring it to 60 seconds on the Client config. Annoying, but it works.
Haven’t tried it getting it working on my XUbuntu desktop, but i’m sure one of these days i’ll try :)

I’ve been bouncing stuff backwards and forwards with Graham Brown, but haven’t got any real reason why it does this. However, I do have a JTAC case open, and they seem to be co-operating in terms of requesting information. But they did point out that some of the VPN features seemed to miss the 12.1R line, which would mean that this is probably an issue that has existed since 11.4 as you’ve said. See - http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16042&smlogin=true <http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16042&smlogin=true>

I’ll keep everyone updates on where this gets, but a workaround is possible by configuring the above.

Cheers,

Fraser

> On 5/12/2014, at 7:20 am, Jed Laundry <jlaundry at jlaundry.com> wrote:
> 
>  Hi Fraser,
> 
> On 1 Dec 2014 15:41, "Fraser McGlinn" <fraser at frizianz.com <mailto:fraser at frizianz.com>> wrote:
> >
> > Basically the symptoms are that the VPN connects and remains active for 30 seconds exactly then drops. Phase 1 Life is 180 seconds so not even getting close to this.
> 
> I had the same issue with Shrewsoft on 11.4. In the end I gave up, and used a patched version of vpnc instead, which has the advantage of integrating nicely with Gnome (assuming you're wanting to use it with Linux, as the official pulse client supports MacOS now).
> 
> Details on how to patch Fedora are on my blog. Ubuntu is there to, but probably out of date. I've successfully used this with 11.4 and 12.1x44.
> 
> http://tinyurl.com/q25rzpv <http://tinyurl.com/q25rzpv>
> Thanks,
> Jed.
> 
> Sent from a small screen.
> 



More information about the juniper-nsp mailing list