[j-nsp] SRX 300 VPN

Michael Loftis mloftis at wgops.com
Thu May 24 15:55:27 EDT 2018


I wouldn’t bother. Terminating anything other than static site to site on
SRX is a nightmare. The clients are trash even when they work. Install
openvpn internally and port forward.

On Thu, May 24, 2018 at 13:47 Łukasz Trąbiński <lukasz at trabinski.net> wrote:

> Hi
>
> I’m trying setup dynamic VPN (using 18.1R1.9) on SRX 300 - I want to have
> access from internet to my home network.
>
> First, I’m confused about vpn client. Should I use Junos Pulse?  I’t looks
> like not supported by Juniper right now (latest version is from 2015).
> Should I use Pulse Secure?
> I’ts possible to use „native” vpn client from mac os x or Windows?  I also
> found information that Dynamic VPN is not supported on new SRX boxes.
> If it still supported, where I can find newest documentation how to
> correctly setup?
>
> Of course I tried confgiure vpn tunel but without success. Below, fragment
> form logs / trace debug:
>
> [May 21 10:48:38]IKEv1 packet R(<none>:500 <- xx.xx.xx.xx :500): len=
>  40, mID=125b77cb, HDR, N(NO_PROPOSAL_CHOSEN)
> [May 21 10:48:38]ike_st_i_n: Start, doi = 1, protocol = 1, code = No
> proposal chosen (14), spi[0..0] = 00000000 00000000 ..., data[0..0] =
> 00000000 00000000 ...
> [May 21 10:48:38]<none>:500 (Responder) <-> xx.xx.xx.xx:62252 { c14a7f01
> 1d013489 - 82bf44a1 0fddfa77 [0] / 0x125b77cb } Info; Received notify err =
> No proposal chosen (14) to isakmp sa, delete it
>
> Where I can find some examples of proper configuration dynamic vpn for
> actual version of Junos?
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
-- 

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler


More information about the juniper-nsp mailing list