[j-nsp] Dynamic VPN with Pulse, AD Integration and more

Louis Kowolowski louisk at cryptomonkeys.org
Tue Mar 25 00:32:40 EDT 2014


Briefly, but I didn’t put much effort into it (I already had a working solution with vpntracker). I’ve thought about circling back and trying again, but I haven’t gotten there yet.


On Mar 24, 2014, at 6:22 PM, Skeeve Stevens <skeeve+junipernsp at eintellegonetworks.com> wrote:

> Have you tried with the built-in client?
> 
> 
> ...Skeeve
> 
> Skeeve Stevens - eintellego Networks Pty Ltd
> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> facebook.com/eintellegonetworks ; linkedin.com/in/skeeve 
> twitter.com/theispguy ; blog: www.theispguy.com
> 
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> 
> 
> On Tue, Mar 25, 2014 at 12:18 PM, Louis Kowolowski <louisk at cryptomonkeys.org> wrote:
> I have osx connecting to an srx over ipsec using vpntracker. It works quite well.
> junos 12.1X46-D10.2
> osx 10.9.x
> vpntracker 7
> 
> 
> On Mar 24, 2014, at 3:57 PM, Skeeve Stevens <skeeve+junipernsp at eintellegonetworks.com> wrote:
> 
>> Any other way to get OSX/mobile devices, etc to connect to an SRX VPN?
>> PPTP? IPSEC?
>> 
>> 
>> ...Skeeve
>> 
>> 
>> On Tue, Mar 25, 2014 at 9:54 AM, Andrew Jones <aj at jonesy.com.au> wrote:
>> 
>>> I've been told that they have no plans to support OSX on Dynamic VPN. I
>>> got the impression that Juniper weren't investing in the Dynamic VPN
>>> product and were pushing people toward MAG etc.
>>> 
>>> From http://kb.juniper.net/InfoCenter/index?page=content&id=KB17436
>>> 
>>> The Dynamic VPN feature (Pulse or Juniper Access Manager) is not supported
>>> on the following Operating Systems:
>>> * Linux
>>> * Macintosh Desktop Systems including Pulse 3.0 (for more information,
>>> refer to KB23960 - [SRX] Junos Pulse 3.0 installed on a Mac OS X system
>>> fails to connect to a SRX device with the dynamic VPN feature).
>>> * Windows Server
>>> * iPad/iPhone
>>> * Android OS
>>> 
>>> 
>>> On 25.03.2014 09:46, Skeeve Stevens wrote:
>>> 
>>>> What THE HELL?!
>>>> 
>>>> Documentation on this?
>>>> 
>>>> Thanks Chris.
>>>> 
>>>> 
>>>> ...Skeeve
>>>> 
>>>> 
>>>> On Tue, Mar 25, 2014 at 5:36 AM, Chris Jones <ipv6freely at gmail.com> wrote:
>>>> 
>>>>> I don't know if this matters to you, but Pulse does not work in OSX or
>>>>> iOS/Android when connecting to a SRX with Dynamic VPN. It only works in
>>>>> Windows. Just a caveat if you weren't already aware.
>>>>> 
>>>>> 
>>>>> On Mon, Mar 24, 2014 at 12:21 AM, Skeeve Stevens <skeeve+junipernsp at eintellegonetworks.com> wrote:
>>>>> 
>>>>>> Hey all,
>>>>>> 
>>>>>> I am setting up an SRX with Dynamic VPN with Pulse clients..... I know
>>>>>> some don't like it, but it is what we're doing (customer choice).
>>>>>> 
>>>>>> One thing I am looking for is if anyone has seen any docs on how to
>>>>>> integrate the Dynamic VPN auth with Active Directory.
>>>>>> 
>>>>>> Also, does anyone know what flexibility we have with the VPN on a per
>>>>>> use basis... such as different IP ranges, different VRF's, firewall
>>>>>> filters, etc etc based against those AD groups.
>>>>>> 
>>>>>> While this is for a specific rollout, it would be nice to know these
>>>>>> capabilities across the board for other solutions.
>>>>>> 
>>>>>> Any pointers to any docs would be fantastic. I've tried googling, but
>>>>>> came up blah.
>>>>>> 
>>>>>> ...Skeeve
>>>>>> 
>>>>>> _______________________________________________
>>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>>>>> 
>>>>>> 
>>>>> 
>>>>> 
>>>>> --
>>>>> Chris Jones
>>>>> JNCIE-ENT #272
>>>>> CCIE# 25655 (R&S)
>>>>> 
> 
> 
> --
> Louis Kowolowski                                louisk at cryptomonkeys.org
> Cryptomonkeys:                                   http://www.cryptomonkeys.com/
> 
> Making life more interesting for people since 1977
> 
> 


--
Louis Kowolowski                                louisk at cryptomonkeys.org
Cryptomonkeys:                                   http://www.cryptomonkeys.com/

Making life more interesting for people since 1977
