[j-nsp] Junos Dynamic VPN

Tim Dykes ttdykes at gmail.com
Thu May 1 00:38:06 EDT 2014


Dynamic VPN on SRX is a pain in the ass. Doesn't do half of what you would
expect it to do. Go with an SA instead.

It's built on IPSec (unlike the MAG, which is SSL VPN).

Pulse from a mobile will work, Pulse on a Mac won't. Here's the official list:

*Junos Pulse*

   - Vista (32-bit and 64-bit)
   - Windows XP (32-bit and 64-bit)
   - Windows 7 (32-bit and 64-bit)
   - Windows 8.0 (32-bit and 64-bit)
   - Windows 8.1 (32-bit and 64-bit)

*Junos Access Manager*

   - Windows XP 32-bit and 64-bit with any service pack
   - Windows Vista 32-bit and 64-bit with any service pack
   - Windows 7 32-bit and 64-bit with any service pack (Junos 10.4 and
   above only)




I don't think you can route from a client through the IPSec session (if that's
what you mean). Once you are in the VPN, public IPs don't mean much and
return routes are hard to install for a dynamic session. I would suggest a
true IPSec (device to device) VPN for that.

Tim Dykes

M: 041 962 0603
E: ttdykes at gmail.com


On Wed, Apr 30, 2014 at 12:50 PM, Ali Sumsam
<ali+junipernsp at eintellego.net> wrote:

> Hi all,
>
> I have an SRX240 cluster and am doing VPN to it using the Junos Pulse client.
>
> My first question is, can we use a Mac or Windows client to connect to this
> VPN rather than Junos Pulse?
>
> One of the options Junos Pulse shows is "SRX". What is the protocol
> behind VPN Type "SRX"?
>
> My second question is about the routing through the VPN session. Is it
> possible to run the internet through the VPN? Has someone ever done that?
>
> My rough idea is to send a default route to the VPN client and, on the
> client's PC, set a route pointing the SRX's public IP towards the main
> internet connection of the PC.
> This way SRX public IP will be reachable from the client's PC and default
> route will be pointing towards the VPN.
>
> Please comment.
>
> Thanks,
>
> *Ali Sumsam - *eintellego Networks Pty Ltd
> Senior Network Engineer
> ali at eintellegonetworks.com ; www.eintellegonetworks.com
>
> Phone: 1300 239 038; Cell +61 (0)450 609 592 ; skype://sumsam.ali80
>
> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
> linkedin.com/in/alisumsam
>
>
> The Experts Who The Experts Call
> Juniper - Cisco - Cloud
>
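
The client-side routing idea from the quoted question (a default route into the tunnel plus a host route for the SRX public IP via the PC's normal connection), modelled as a longest-prefix-match lookup. This is an added example, not part of the original thread; the addresses and interface names are constructed, and it models only the client's route lookup, not what Dynamic VPN will accept.

```python
import ipaddress

# Constructed sample values (documentation address ranges, hypothetical names).
SRX_PUBLIC_IP = "203.0.113.10"   # VPN gateway's public address
LAN_IF, TUNNEL_IF = "eth0", "vpn0"


def build_table(entries):
    """Turn ("prefix", "interface") pairs into a list of (network, interface)."""
    return [(ipaddress.ip_network(prefix), iface) for prefix, iface in entries]


def lookup(table, dst):
    """Longest-prefix match: interface of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, iface) for net, iface in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def outer_packet_egress(table):
    """Interface the encrypted packets addressed to the SRX leave through.

    If that lookup resolves to the tunnel interface, the tunnel's own
    transport would be routed back into the tunnel, reported here as "LOOP".
    """
    iface = lookup(table, SRX_PUBLIC_IP)
    return "LOOP" if iface == TUNNEL_IF else iface


# Default route pointed at the tunnel, no exception for the gateway.
default_only = build_table([("192.168.1.0/24", LAN_IF), ("0.0.0.0/0", TUNNEL_IF)])

# Same table plus the /32 host route from the question.
with_host_route = build_table([
    ("192.168.1.0/24", LAN_IF),
    ("0.0.0.0/0", TUNNEL_IF),
    (SRX_PUBLIC_IP + "/32", LAN_IF),
])

if __name__ == "__main__":
    for name, table in (("default only", default_only),
                        ("with host route", with_host_route)):
        print(name, "| internet ->", lookup(table, "198.51.100.7"),
              "| tunnel transport ->", outer_packet_egress(table))
```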

