[j-nsp] Dynamic VPN with Pulse, AD Integration and more

Skeeve Stevens skeeve+junipernsp at eintellegonetworks.com
Mon Mar 24 19:17:26 EDT 2014 

OK, Given Windows 7/8 has a built-in IPSEC client, what is the value Pulse
adds?  Sounds like I may not need a client at all?


...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering


On Tue, Mar 25, 2014 at 10:04 AM, Chris Jones <ipv6freely at gmail.com> wrote:

> Well thats exactly it, Pulse on Windows does SSLVPN and IPSec. On OSX and
> mobile, its SSL only. Dynamic VPN is an IPSec remote access VPN, so that's
> why it doesn't work.
>
> Yes, built in IPSec clients for OSX will connect to Dynamic VPN just fine
> AFAIK, you just can't use Pulse. I'm not sure about iOS and Android though.
>
>
> On Mon, Mar 24, 2014 at 3:57 PM, Skeeve Stevens <
> skeeve+junipernsp at eintellegonetworks.com> wrote:
>
>> Any other way to get OSX/mobile devices, etc to connect to an SRX VPN?
>> PPTP? IPSEC?
>>
>>
>> ...Skeeve
>>
>> *Skeeve Stevens - *eintellego Networks Pty Ltd
>> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>>
>> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>>
>> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
>> linkedin.com/in/skeeve
>>
>> twitter.com/theispguy ; blog: www.theispguy.com
>>
>>
>> The Experts Who The Experts Call
>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>>
>>
>> On Tue, Mar 25, 2014 at 9:54 AM, Andrew Jones <aj at jonesy.com.au> wrote:
>>
>> > I've been told that they have no plans to support OSX on Dynamic VPN. I
>> > got the impression that Juniper weren't investing in the Dynamic VPN
>> > product and were pushing people toward MAG etc.
>> >
>> > From http://kb.juniper.net/InfoCenter/index?page=content&id=KB17436
>> >
>> > The Dynamic VPN feature (Pulse or Juniper Access Manager) is not
>> supported
>> > on the following Operating Systems:
>> > * Linux
>> > * Macintosh Desktop Systems including Pulse 3.0 (for more information,
>> > refer to KB23960 - [SRX] Junos Pulse 3.0 installed on a Mac OS X system
>> > fails to connect to a SRX device with the dynamic VPN feature).
>> > * Windows Server
>> > * iPad/iPhone
>> > * Android OS
>> >
>> >
>> > On 25.03.2014 09:46, Skeeve Stevens wrote:
>> >
>> >> What THE HELL?!
>> >>
>> >> Documentation on this?
>> >>
>> >> Thanks Chris.
>> >>
>> >>
>> >> ...Skeeve
>> >>
>> >> *Skeeve Stevens - *eintellego Networks Pty Ltd
>> >> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>> >>
>> >> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>> >>
>> >> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
>> >> linkedin.com/in/skeeve
>> >>
>> >> twitter.com/theispguy ; blog: www.theispguy.com
>> >>
>> >>
>> >> The Experts Who The Experts Call
>> >> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>> >>
>> >>
>> >> On Tue, Mar 25, 2014 at 5:36 AM, Chris Jones <ipv6freely at gmail.com>
>> >> wrote:
>> >>
>> >>  I don't know if this matters to you, but Pulse does not work in OSX or
>> >>> iOS/Android when connecting to a SRX with Dynamic VPN. It only works
>> in
>> >>> Windows. Just a caveat if you weren't already aware.
>> >>>
>> >>>
>> >>> On Mon, Mar 24, 2014 at 12:21 AM, Skeeve Stevens <
>> >>> skeeve+junipernsp at eintellegonetworks.com> wrote:
>> >>>
>> >>>  Hey all,
>> >>>>
>> >>>> I am setting up an SRX with Dynamic VPN with Pulse clients..... I
>> know
>> >>>> some
>> >>>> don't like it, but it is what we're doing (customer choice).
>> >>>>
>> >>>> One thing I am looking for is if anyone has seen any docs on how to
>> >>>> integrate the Dynamic VPN auth with Active Directory.
>> >>>>
>> >>>> Also, does anyone know what flexibility we have with the VPN on a per
>> >>>> use
>> >>>> basis... such as different IP ranges, different VRF's, firewall
>> filters,
>> >>>> etc etc based against those AD groups.
>> >>>>
>> >>>> While this is for a specific rollout, it would be nice to know these
>> >>>> capabilities across the board for other solutions.
>> >>>>
>> >>>> Any pointers to any docs would be fantastic.  I've tried googling,
>> but
>> >>>> came
>> >>>> up blah.
>> >>>>
>> >>>> ...Skeeve
>> >>>>
>> >>>> *Skeeve Stevens - *eintellego Networks Pty Ltd
>> >>>> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>> >>>>
>> >>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>> >>>>
>> >>>> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
>> >>>> linkedin.com/in/skeeve
>> >>>>
>> >>>> twitter.com/theispguy ; blog: www.theispguy.com
>> >>>>
>> >>>>
>> >>>> The Experts Who The Experts Call
>> >>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>> >>>> _______________________________________________
>> >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>> --
>> >>> Chris Jones
>> >>> JNCIE-ENT #272
>> >>> CCIE# 25655 (R&S)
>> >>>
>> >>>  _______________________________________________
>> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >>
>> >
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Chris Jones
> JNCIE-ENT #272
> CCIE# 25655 (R&S)
>

More information about the juniper-nsp mailing list