[j-nsp] Dynamic VPN with Pulse, AD Integration and more

Skeeve Stevens skeeve+junipernsp at eintellegonetworks.com
Sat Mar 29 01:36:44 EDT 2014


That is awesome... Will be trying it this weekend!

Any news on the iPad/Android clients supporting dynamic?


...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
skeeve at eintellegonetworks.com ; www.eintellegonetworks.com

Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve

facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
linkedin.com/in/skeeve

twitter.com/theispguy ; blog: www.theispguy.com


The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering


On Sat, Mar 29, 2014 at 2:23 PM, Jed Laundry <jlaundry at jlaundry.com> wrote:

> Hey,
>
> Just in case everyone missed this, Pulse 5r3 came out 2 days ago, and adds
> Dynamic VPN support for the OS X client.
>
> Looks like someone saw this. Whoever it was, thanks!
>
> Thanks,
> Jed.
>
>
>
> On 25 March 2014 17:32, Louis Kowolowski <louisk at cryptomonkeys.org> wrote:
>
>> Briefly, but I didn't put much effort into it (I already had a working
>> solution with vpntracker). I've thought about circling back and trying
>> again, but I haven't gotten there yet.
>>
>>
>> On Mar 24, 2014, at 6:22 PM, Skeeve Stevens <
>> skeeve+junipernsp at eintellegonetworks.com> wrote:
>>
>> > Have you tried with the built-in client?
>> >
>> >
>> > ...Skeeve
>> >
>> > Skeeve Stevens - eintellego Networks Pty Ltd
>> > skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>> > Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>> > facebook.com/eintellegonetworks ; linkedin.com/in/skeeve
>> > twitter.com/theispguy ; blog: www.theispguy.com
>> >
>> > The Experts Who The Experts Call
>> > Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>> >
>> >
>> > On Tue, Mar 25, 2014 at 12:18 PM, Louis Kowolowski <
>> louisk at cryptomonkeys.org> wrote:
>> > I have osx connecting to an srx over ipsec using vpntracker. It works
>> quite well.
>> > junos 12.1X46-D10.2
>> > osx 10.9.x
>> > vpntracker 7
>> >
>> >
>> > On Mar 24, 2014, at 3:57 PM, Skeeve Stevens <
>> skeeve+junipernsp at eintellegonetworks.com> wrote:
>> >
>> >> Any other way to get OSX/mobile devices, etc to connect to an SRX VPN?
>> >> PPTP? IPSEC?
>> >>
>> >>
>> >> ...Skeeve
>> >>
>> >> *Skeeve Stevens - *eintellego Networks Pty Ltd
>> >> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>> >>
>> >> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>> >>
>> >> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
>> >> linkedin.com/in/skeeve
>> >>
>> >> twitter.com/theispguy ; blog: www.theispguy.com
>> >>
>> >>
>> >> The Experts Who The Experts Call
>> >> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>> >>
>> >>
>> >> On Tue, Mar 25, 2014 at 9:54 AM, Andrew Jones <aj at jonesy.com.au>
>> wrote:
>> >>
>> >>> I've been told that they have no plans to support OSX on Dynamic VPN.
>> I
>> >>> got the impression that Juniper weren't investing in the Dynamic VPN
>> >>> product and were pushing people toward MAG etc.
>> >>>
>> >>> From http://kb.juniper.net/InfoCenter/index?page=content&id=KB17436
>> >>>
>> >>> The Dynamic VPN feature (Pulse or Juniper Access Manager) is not
>> supported
>> >>> on the following Operating Systems:
>> >>> * Linux
>> >>> * Macintosh Desktop Systems including Pulse 3.0 (for more information,
>> >>> refer to KB23960 - [SRX] Junos Pulse 3.0 installed on a Mac OS X
>> system
>> >>> fails to connect to a SRX device with the dynamic VPN feature).
>> >>> * Windows Server
>> >>> * iPad/iPhone
>> >>> * Android OS
>> >>>
>> >>>
>> >>> On 25.03.2014 09:46, Skeeve Stevens wrote:
>> >>>
>> >>>> What THE HELL?!
>> >>>>
>> >>>> Documentation on this?
>> >>>>
>> >>>> Thanks Chris.
>> >>>>
>> >>>>
>> >>>> ...Skeeve
>> >>>>
>> >>>> *Skeeve Stevens - *eintellego Networks Pty Ltd
>> >>>> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>> >>>>
>> >>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>> >>>>
>> >>>> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
>> >>>> linkedin.com/in/skeeve
>> >>>>
>> >>>> twitter.com/theispguy ; blog: www.theispguy.com
>> >>>>
>> >>>>
>> >>>> The Experts Who The Experts Call
>> >>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>> >>>>
>> >>>>
>> >>>> On Tue, Mar 25, 2014 at 5:36 AM, Chris Jones <ipv6freely at gmail.com>
>> >>>> wrote:
>> >>>>
>> >>>> I don't know if this matters to you, but Pulse does not work in OSX
>> or
>> >>>>> iOS/Android when connecting to a SRX with Dynamic VPN. It only
>> works in
>> >>>>> Windows. Just a caveat if you weren't already aware.
>> >>>>>
>> >>>>>
>> >>>>> On Mon, Mar 24, 2014 at 12:21 AM, Skeeve Stevens <
>> >>>>> skeeve+junipernsp at eintellegonetworks.com> wrote:
>> >>>>>
>> >>>>> Hey all,
>> >>>>>>
>> >>>>>> I am setting up an SRX with Dynamic VPN with Pulse clients..... I
>> know
>> >>>>>> some
>> >>>>>> don't like it, but it is what we're doing (customer choice).
>> >>>>>>
>> >>>>>> One thing I am looking for is if anyone has seen any docs on how to
>> >>>>>> integrate the Dynamic VPN auth with Active Directory.
>> >>>>>>
>> >>>>>> Also, does anyone know what flexibility we have with the VPN on a
>> per
>> >>>>>> use
>> >>>>>> basis... such as different IP ranges, different VRF's, firewall
>> filters,
>> >>>>>> etc etc based against those AD groups.
>> >>>>>>
>> >>>>>> While this is for a specific rollout, it would be nice to know
>> these
>> >>>>>> capabilities across the board for other solutions.
>> >>>>>>
>> >>>>>> Any pointers to any docs would be fantastic.  I've tried googling,
>> but
>> >>>>>> came
>> >>>>>> up blah.
>> >>>>>>
>> >>>>>> ...Skeeve
>> >>>>>>
>> >>>>>> *Skeeve Stevens - *eintellego Networks Pty Ltd
>> >>>>>> skeeve at eintellegonetworks.com ; www.eintellegonetworks.com
>> >>>>>>
>> >>>>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 ; skype://skeeve
>> >>>>>>
>> >>>>>> facebook.com/eintellegonetworks ;  <
>> http://twitter.com/networkceoau>
>> >>>>>> linkedin.com/in/skeeve
>> >>>>>>
>> >>>>>> twitter.com/theispguy ; blog: www.theispguy.com
>> >>>>>>
>> >>>>>>
>> >>>>>> The Experts Who The Experts Call
>> >>>>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>> >>>>>> _______________________________________________
>> >>>>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >>>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >>>>>>
>> >>>>>>
>> >>>>>
>> >>>>>
>> >>>>> --
>> >>>>> Chris Jones
>> >>>>> JNCIE-ENT #272
>> >>>>> CCIE# 25655 (R&S)
>> >>>>>
>> >>>>> _______________________________________________
>> >>>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >>>>
>> >>>
>> >>> _______________________________________________
>> >>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >>>
>> >> _______________________________________________
>> >> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> >
>> >
>> > --
>> > Louis Kowolowski
>> louisk at cryptomonkeys.org
>> > Cryptomonkeys:
>> http://www.cryptomonkeys.com/
>> >
>> > Making life more interesting for people since 1977
>> >
>> >
>>
>>
>> --
>> Louis Kowolowski                                louisk at cryptomonkeys.org
>> Cryptomonkeys:
>> http://www.cryptomonkeys.com/
>>
>> Making life more interesting for people since 1977
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>


More information about the juniper-nsp mailing list