[j-nsp] Dynamic VPN with Pulse, AD Integration and more

Jed Laundry jlaundry at jlaundry.com
Fri Mar 28 23:23:55 EDT 2014


Hey,

Just in case everyone missed this, Pulse 5r3 came out 2 days ago, and adds
Dynamic VPN support for the OS X client.

Looks like someone saw this. Whoever it was, thanks!

Thanks,
Jed.



On 25 March 2014 17:32, Louis Kowolowski <louisk at cryptomonkeys.org> wrote:

> Briefly, but I didn't put much effort into it (I already had a working
> solution with vpntracker). I've thought about circling back and trying
> again, but I haven't gotten there yet.
>
>
> On Mar 24, 2014, at 6:22 PM, Skeeve Stevens <
> skeeve+junipernsp at eintellegonetworks.com> wrote:
>
> > Have you tried with the built-in client?
> >
> >
> > ...Skeeve
> >
> > Skeeve Stevens - eintellego Networks Pty Ltd
> > skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
> > Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> > facebook.com/eintellegonetworks ; linkedin.com/in/skeeve
> > twitter.com/theispguy ; blog: www.theispguy.com
> >
> > The Experts Who The Experts Call
> > Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> >
> >
> > On Tue, Mar 25, 2014 at 12:18 PM, Louis Kowolowski <
> louisk at cryptomonkeys.org> wrote:
> > I have osx connecting to an srx over ipsec using vpntracker. It works
> quite well.
> > junos 12.1X46-D10.2
> > osx 10.9.x
> > vpntracker 7
> >
> >
> > On Mar 24, 2014, at 3:57 PM, Skeeve Stevens <
> skeeve+junipernsp at eintellegonetworks.com> wrote:
> >
> >> Any other way to get OSX/mobile devices, etc to connect to an SRX VPN?
> >> PPTP? IPSEC?
> >>
> >>
> >> ...Skeeve
> >>
> >> *Skeeve Stevens - *eintellego Networks Pty Ltd
> >> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
> >>
> >> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> >>
> >> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> >> linkedin.com/in/skeeve
> >>
> >> twitter.com/theispguy ; blog: www.theispguy.com
> >>
> >>
> >> The Experts Who The Experts Call
> >> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> >>
> >>
> >> On Tue, Mar 25, 2014 at 9:54 AM, Andrew Jones <aj at jonesy.com.au> wrote:
> >>
> >>> I've been told that they have no plans to support OSX on Dynamic VPN. I
> >>> got the impression that Juniper weren't investing in the Dynamic VPN
> >>> product and were pushing people toward MAG etc.
> >>>
> >>> From http://kb.juniper.net/InfoCenter/index?page=content&id=KB17436
> >>>
> >>> The Dynamic VPN feature (Pulse or Juniper Access Manager) is not
> supported
> >>> on the following Operating Systems:
> >>> * Linux
> >>> * Macintosh Desktop Systems including Pulse 3.0 (for more information,
> >>> refer to KB23960 - [SRX] Junos Pulse 3.0 installed on a Mac OS X system
> >>> fails to connect to a SRX device with the dynamic VPN feature).
> >>> * Windows Server
> >>> * iPad/iPhone
> >>> * Android OS
> >>>
> >>>
> >>> On 25.03.2014 09:46, Skeeve Stevens wrote:
> >>>
> >>>> What THE HELL?!
> >>>>
> >>>> Documentation on this?
> >>>>
> >>>> Thanks Chris.
> >>>>
> >>>>
> >>>> ...Skeeve
> >>>>
> >>>> *Skeeve Stevens - *eintellego Networks Pty Ltd
> >>>> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
> >>>>
> >>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> >>>>
> >>>> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> >>>> linkedin.com/in/skeeve
> >>>>
> >>>> twitter.com/theispguy ; blog: www.theispguy.com
> >>>>
> >>>>
> >>>> The Experts Who The Experts Call
> >>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> >>>>
> >>>>
> >>>> On Tue, Mar 25, 2014 at 5:36 AM, Chris Jones <ipv6freely at gmail.com>
> >>>> wrote:
> >>>>
> >>>> I don't know if this matters to you, but Pulse does not work in OSX or
> >>>>> iOS/Android when connecting to a SRX with Dynamic VPN. It only works
> in
> >>>>> Windows. Just a caveat if you weren't already aware.
> >>>>>
> >>>>>
> >>>>> On Mon, Mar 24, 2014 at 12:21 AM, Skeeve Stevens <
> >>>>> skeeve+junipernsp at eintellegonetworks.com> wrote:
> >>>>>
> >>>>> Hey all,
> >>>>>>
> >>>>>> I am setting up an SRX with Dynamic VPN with Pulse clients..... I
> know
> >>>>>> some
> >>>>>> don't like it, but it is what we're doing (customer choice).
> >>>>>>
> >>>>>> One thing I am looking for is if anyone has seen any docs on how to
> >>>>>> integrate the Dynamic VPN auth with Active Directory.
> >>>>>>
> >>>>>> Also, does anyone know what flexibility we have with the VPN on a
> per
> >>>>>> use
> >>>>>> basis... such as different IP ranges, different VRF's, firewall
> filters,
> >>>>>> etc etc based against those AD groups.
> >>>>>>
> >>>>>> While this is for a specific rollout, it would be nice to know these
> >>>>>> capabilities across the board for other solutions.
> >>>>>>
> >>>>>> Any pointers to any docs would be fantastic.  I've tried googling,
> but
> >>>>>> came
> >>>>>> up blah.
> >>>>>>
> >>>>>> ...Skeeve
> >>>>>>
> >>>>>> *Skeeve Stevens - *eintellego Networks Pty Ltd
> >>>>>> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
> >>>>>>
> >>>>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
> >>>>>>
> >>>>>> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau
> >
> >>>>>> linkedin.com/in/skeeve
> >>>>>>
> >>>>>> twitter.com/theispguy ; blog: www.theispguy.com
> >>>>>>
> >>>>>>
> >>>>>> The Experts Who The Experts Call
> >>>>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
> >>>>>> _______________________________________________
> >>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>>>>
> >>>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> Chris Jones
> >>>>> JNCIE-ENT #272
> >>>>> CCIE# 25655 (R&S)
> >>>>>
> >>>>> _______________________________________________
> >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>>
> >>>
> >>> _______________________________________________
> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >>>
> >> _______________________________________________
> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
> >
> > --
> > Louis Kowolowski                                louisk at cryptomonkeys.org
> > Cryptomonkeys:
> http://www.cryptomonkeys.com/
> >
> > Making life more interesting for people since 1977
> >
> >
>
>
> --
> Louis Kowolowski                                louisk at cryptomonkeys.org
> Cryptomonkeys:
> http://www.cryptomonkeys.com/
>
> Making life more interesting for people since 1977
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>


More information about the juniper-nsp mailing list