[j-nsp] SRX 300 VPN

Roger Wiklund roger.wiklund at gmail.com
Fri May 25 15:11:33 EDT 2018


My bad, IKEv2 is not supported for dynamic VPNs.

https://www.juniper.net/documentation/en_US/junos/topics/concept/vpn-security-dynamic-tunnel-understanding.html

On Fri, May 25, 2018 at 8:37 PM, Roger Wiklund <roger.wiklund at gmail.com>
wrote:

> Juniper sold Junos Pulse and that became Pulse Secure.
>
> The SRX300 supports SSL VPN but requires the third party NCP client (not
> free).
>
> For "free" SSL VPN use OpenVPN or download Pulse Connect Secure VM: (no
> time limit, 3 users)
>
> https://www.pulsesecure.net/trynow/pulse-connect-secure/
> https://www.pulsesecure.net/trynow/client-download/
>
> For IKEv2 both Windows 10 and Mac OS X clients should work.
>
> Did you try this config?
>
> https://www.juniper.net/documentation/en_US/junos/
> topics/example/vpn-security-dynamic-example-configuring.html
>
>
>
>
>
>
>
>
> On Fri, May 25, 2018 at 12:44 AM, Louis Kowolowski <
> louisk at cryptomonkeys.org> wrote:
>
>> This may not work on Junos 18, I haven't done anything with it since
>> Junos 12), and it doesn't use any native clients, but I got it working
>> following this
>> https://www.cryptomonkeys.com/2013/10/juniper-srx-mobile-ipsec/ <
>> https://www.cryptomonkeys.com/2013/10/juniper-srx-mobile-ipsec/>
>>
>>
>> > On May 24, 2018, at 2:46 PM, Łukasz Trąbiński <lukasz at trabinski.net>
>> wrote:
>> >
>> > Hi
>> >
>> > I’m trying setup dynamic VPN (using 18.1R1.9) on SRX 300 - I want to
>> have access from internet to my home network.
>> >
>> > First, I’m confused about vpn client. Should I use Junos Pulse?  I’t
>> looks like not supported by Juniper right now (latest version is from
>> 2015).  Should I use Pulse Secure?
>> > I’ts possible to use „native” vpn client from mac os x or Windows?  I
>> also found information that Dynamic VPN is not supported on new SRX boxes.
>> > If it still supported, where I can find newest documentation how to
>> correctly setup?
>> >
>> > Of course I tried confgiure vpn tunel but without success. Below,
>> fragment form logs / trace debug:
>> >
>> > [May 21 10:48:38]IKEv1 packet R(<none>:500 <- xx.xx.xx.xx :500): len=
>>  40, mID=125b77cb, HDR, N(NO_PROPOSAL_CHOSEN)
>> > [May 21 10:48:38]ike_st_i_n: Start, doi = 1, protocol = 1, code = No
>> proposal chosen (14), spi[0..0] = 00000000 00000000 ..., data[0..0] =
>> 00000000 00000000 ...
>> > [May 21 10:48:38]<none>:500 (Responder) <-> xx.xx.xx.xx:62252 {
>> c14a7f01 1d013489 - 82bf44a1 0fddfa77 [0] / 0x125b77cb } Info; Received
>> notify err = No proposal chosen (14) to isakmp sa, delete it
>> >
>> > Where I can find some examples of proper configuration dynamic vpn for
>> actual version of Junos?
>> >
>> > _______________________________________________
>> > juniper-nsp mailing list juniper-nsp at puck.nether.net
>> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>> --
>> Louis Kowolowski                                louisk at cryptomonkeys.org
>> <mailto:louisk at cryptomonkeys.org>
>> Cryptomonkeys:
>> http://www.cryptomonkeys.com/ <http://www.cryptomonkeys.com/>
>>
>> Making life more interesting for people since 1977
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>


More information about the juniper-nsp mailing list