[j-nsp] Dynamic VPN with Pulse, AD Integration and more

Louis Kowolowski louisk at cryptomonkeys.org
Mon Mar 24 21:18:06 EDT 2014


I have osx connecting to an srx over ipsec using vpntracker. It works quite well.
junos 12.1X46-D10.2
osx 10.9.x
vpntracker 7


On Mar 24, 2014, at 3:57 PM, Skeeve Stevens <skeeve+junipernsp at eintellegonetworks.com> wrote:

> Any other way to get OSX/mobile devices, etc to connect to an SRX VPN?
> PPTP? IPSEC?
> 
> 
> ...Skeeve
> 
> *Skeeve Stevens - *eintellego Networks Pty Ltd
> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
> 
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> 
> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> linkedin.com/in/skeeve
> 
> twitter.com/theispguy ; blog: www.theispguy.com
> 
> 
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> 
> 
> On Tue, Mar 25, 2014 at 9:54 AM, Andrew Jones <aj at jonesy.com.au> wrote:
> 
>> I've been told that they have no plans to support OSX on Dynamic VPN. I
>> got the impression that Juniper weren't investing in the Dynamic VPN
>> product and were pushing people toward MAG etc.
>> 
>> From http://kb.juniper.net/InfoCenter/index?page=content&id=KB17436
>> 
>> The Dynamic VPN feature (Pulse or Juniper Access Manager) is not supported
>> on the following Operating Systems:
>> * Linux
>> * Macintosh Desktop Systems including Pulse 3.0 (for more information,
>> refer to KB23960 - [SRX] Junos Pulse 3.0 installed on a Mac OS X system
>> fails to connect to a SRX device with the dynamic VPN feature).
>> * Windows Server
>> * iPad/iPhone
>> * Android OS
>> 
>> 
>> On 25.03.2014 09:46, Skeeve Stevens wrote:
>> 
>>> What THE HELL?!
>>> 
>>> Documentation on this?
>>> 
>>> Thanks Chris.
>>> 
>>> 
>>> ...Skeeve
>>> 
>>> *Skeeve Stevens - *eintellego Networks Pty Ltd
>>> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>>> 
>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>>> 
>>> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
>>> linkedin.com/in/skeeve
>>> 
>>> twitter.com/theispguy ; blog: www.theispguy.com
>>> 
>>> 
>>> The Experts Who The Experts Call
>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>>> 
>>> 
>>> On Tue, Mar 25, 2014 at 5:36 AM, Chris Jones <ipv6freely at gmail.com>
>>> wrote:
>>> 
>>> I don't know if this matters to you, but Pulse does not work in OSX or
>>>> iOS/Android when connecting to a SRX with Dynamic VPN. It only works in
>>>> Windows. Just a caveat if you weren't already aware.
>>>> 
>>>> 
>>>> On Mon, Mar 24, 2014 at 12:21 AM, Skeeve Stevens <
>>>> skeeve+junipernsp at eintellegonetworks.com> wrote:
>>>> 
>>>> Hey all,
>>>>> 
>>>>> I am setting up an SRX with Dynamic VPN with Pulse clients..... I know
>>>>> some
>>>>> don't like it, but it is what we're doing (customer choice).
>>>>> 
>>>>> One thing I am looking for is if anyone has seen any docs on how to
>>>>> integrate the Dynamic VPN auth with Active Directory.
>>>>> 
>>>>> Also, does anyone know what flexibility we have with the VPN on a per
>>>>> use
>>>>> basis... such as different IP ranges, different VRF's, firewall filters,
>>>>> etc etc based against those AD groups.
>>>>> 
>>>>> While this is for a specific rollout, it would be nice to know these
>>>>> capabilities across the board for other solutions.
>>>>> 
>>>>> Any pointers to any docs would be fantastic.  I've tried googling, but
>>>>> came
>>>>> up blah.
>>>>> 
>>>>> ...Skeeve
>>>>> 
>>>>> *Skeeve Stevens - *eintellego Networks Pty Ltd
>>>>> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>>>>> 
>>>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>>>>> 
>>>>> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
>>>>> linkedin.com/in/skeeve
>>>>> 
>>>>> twitter.com/theispguy ; blog: www.theispguy.com
>>>>> 
>>>>> 
>>>>> The Experts Who The Experts Call
>>>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>>>>> _______________________________________________
>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> --
>>>> Chris Jones
>>>> JNCIE-ENT #272
>>>> CCIE# 25655 (R&S)
>>>> 
>>>> _______________________________________________
>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>> 
>> 
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


--
Louis Kowolowski                                louisk at cryptomonkeys.org
Cryptomonkeys:                                   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20140324/4cbccc0c/attachment.sig>


More information about the juniper-nsp mailing list