[j-nsp] Junos Dynamic VPN

Phillip Heller pheller at me.com
Thu May 1 12:30:49 EDT 2014 

FYI: Pulse supports Dynamic VPN on the MacOS Client as of release 5.0.3.

Regards,

  Phil

On May 1, 2014, at 12:38 AM, Tim Dykes <ttdykes at gmail.com> wrote:

> Dynamic VPN on SRX is a pain in the ass. doesnt do half of what you would
> expect it to do. Go a SA instead.
> 
> Its built on IPSec (unlike the MAG which is ssl vpn)
> 
> Pulse from a mobile will work, Pulse on a Mac wont. Heres the official list:
> 
> *Junos Pulse*
> 
>   - Vista (32-bit and 64-bit)
>   - Windows XP (32-bit and 64-bit)
>   - Windows 7 (32-bit and 64-bit)
>   - Windows 8.0 (32-bit and 64-bit)
>   - Windows 8.1 (32-bit and 64-bit)
> 
> *Junos Access Manager*
> 
>   - Windows XP 32-bit and 64-bit with any service pack
>   - Windows Vista 32-bit and 64-bit with any service pack
>   - Windows 7 32-bit and 64-bit with any service pack (Junos 10.4 and
>   above only)
> 
> 
> 
> 
> I dont think you can route from a client though the ipsec session (if thats
> what you mean). Once you are in the VPN public IP's dont mean much and
> return routes are hard to install for a dynamic session. I would suggest a
> true IPSec (device to device) vpn for that.
> 
> Tim Dykes
> 
> M: 041 962 0603
> E: ttdykes at gmail.com
> 
> 
> On Wed, Apr 30, 2014 at 12:50 PM, Ali Sumsam
> <ali+junipernsp at eintellego.net>wrote:
> 
>> Hi all,
>> 
>> I have a SRX240 cluster and doing VPN to it using Junos pulse client.
>> 
>> My first question is, can we use a mac or windows client to connect this
>> VPN rather than the Junos Pulse?
>> 
>> One of the options, Junose pulse shows is the "SRX". What is the protocol
>> behind VPN Type "SRX"?
>> 
>> My second question is about the routing through the VPN session. Is it
>> possible to run the internet through the VPN. Has someone ever done that?
>> 
>> My rough idea is, If I send default route to the VPN client
>> and
>> on the client's PC, set a route in which pointing SRX's public IP towards
>> the main internet connection of the PC.
>> This way SRX public IP will be reachable from the client's PC and default
>> route will be pointing towards the VPN.
>> 
>> Please comment.
>> 
>> Thanks,
>> 
>> *Ali Sumsam - *eintellego Networks Pty Ltd
>> Senior Network Engineer
>> ali at eintellegonetworks.com ; www.eintellegonetworks.com
>> 
>> Phone: 1300 239 038; Cell +61 (0)450 609 592 ; skype://sumsam.ali80
>> 
>> facebook.com/eintellegonetworks ;  <http://twitter.com/networkceoau>
>> linkedin.com/in/alisumsam
>> 
>> 
>> The Experts Who The Experts Call
>> Juniper - Cisco - Cloud
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list