[j-nsp] Juniper Remote IPSec Dynamic with xAuth - Upgrade from 12.1R3.5 to 12.1X44

Fraser McGlinn fraser at frizianz.com
Thu Dec 4 15:12:10 EST 2014 

Sorry yes - Mine is 60 seconds as well. Typo on my end. :)

I’ll mention this PR in the case and will see how we go.

Thanks heaps everyone,


Fraser



> On 5/12/2014, at 9:07 am, Laxmana Polisetti <laxmana at juniper.net> wrote:
> 
> Jed and Fraser,
> 	In our QA lab we found this issue sometime ago, it was a hard one and we
> were able to trace back to a working build X45.D10 and 11.4R9.
> 
> 	For me the tunnel fails after every 60 seconds.
> 
> 	Gnats PR is 1041967.  (Currently in open state).
> 
> Thanks.,
> Laxmana
> 
> On 12/4/14, 11:30 AM, "Fraser McGlinn" <fraser at frizianz.com> wrote:
> 
>> Hey Jed,
>> 
>> Yep sounds about right from my poking around. So from your experience do
>> you reckon its the client causing this? My interpretation of the debug
>> suggests its the SRX killing it. I¹ve managed to get it working in Shrew
>> with leaving the IKE life to 180 seconds on the juniper but configuring
>> it to 60 seconds on the Client config. Annoying, but it works.
>> Haven¹t tried it getting it working on my XUbuntu desktop, but i¹m sure
>> one of these days i¹ll try :)
>> 
>> I¹ve been bouncing stuff backwards and forwards with Graham Brown, but
>> haven¹t got any real reason why it does this. However, I do have a JTAC
>> case open, and they seem to be co-operating in terms of requesting
>> information. But they did point out that some of the VPN features seemed
>> to miss the 12.1R line, which would mean that this is probably an issue
>> that has existed since 11.4 as you¹ve said. See -
>> http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16042&smlogin=tr
>> ue
>> <http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16042&smlogin=t
>> rue>
>> 
>> I¹ll keep everyone updates on where this gets, but a workaround is
>> possible by configuring the above.
>> 
>> Cheers,
>> 
>> Fraser
>> 
>>> On 5/12/2014, at 7:20 am, Jed Laundry <jlaundry at jlaundry.com> wrote:
>>> 
>>> Hi Fraser,
>>> 
>>> On 1 Dec 2014 15:41, "Fraser McGlinn" <fraser at frizianz.com
>>> <mailto:fraser at frizianz.com>> wrote:
>>>> 
>>>> Basically the symptoms are that the VPN connects and remains active
>>> for 30 seconds exactly then drops. Phase 1 Life is 180 seconds so not
>>> even getting close to this.
>>> 
>>> I had the same issue with Shrewsoft on 11.4. In the end I gave up, and
>>> used a patched version of vpnc instead, which has the advantage of
>>> integrating nicely with Gnome (assuming you're wanting to use it with
>>> Linux, as the official pulse client supports MacOS now).
>>> 
>>> Details on how to patch Fedora are on my blog. Ubuntu is there to, but
>>> probably out of date. I've successfully used this with 11.4 and 12.1x44.
>>> 
>>> http://tinyurl.com/q25rzpv <http://tinyurl.com/q25rzpv>
>>> Thanks,
>>> Jed.
>>> 
>>> Sent from a small screen.
>>> 
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20141205/b59fca02/attachment.sig>

More information about the juniper-nsp mailing list