05-25-2012 04:49 AM
05-26-2012 09:04 PM
I'm tracking this issue as well. By chance, how is the SA deployed? Is it standalone or clustered, one-armed/two-armed configuration, and is the interface behind a firewall?
JNCIE-SEC #69, JNCIE-ENT #492, JNCSP-SEC, JNCIS-SA, JNCIS-AC
05-27-2012 09:35 PM
05-27-2012 09:36 PM
05-27-2012 09:39 PM
05-29-2012 09:55 AM - edited 05-29-2012 09:57 AM
Open the below ports on the firewall from Untrust to SSL-VPN zone...
From SSL-VPN Guide:
For VPN tunneling to communicate, the following ports must be open:
UDP port 4242 on loopback address
TCP port 443
If using ESP mode, the UDP port configured on the Secure Access Service (default is UDP 4500).
Pg # 740
05-29-2012 11:48 AM
Thanks Sajid. I'm going to try this solution. Did you have to make changes on your endpoints? Or on the perimeter firewall? Thanks!
05-29-2012 12:24 PM
I just opened port 4500 UDP on the firewall from Untrust to SSL-VPN.
Actually the problem is with the JunosPulse Client v3 fallback from ESP to SSL tunnel.
The previous version, v2.1, switches quickly from ESP to SSL as fallback, but in v3 they have some delay.
It's up to you: either switch your connection profile from ESP to SSL, or keep ESP and open port 4500 UDP.
VPN Tunneling Connection Profiles > "Connection Profile name"
ESP (maximize performance) "Required port 4500 UDP to open on the Firewall"
SSL (maximize compatibility) "work with port 443"
Let me know if you have any query.
06-03-2012 05:10 AM
06-04-2012 10:06 PM
By default, ESP is selected in IVE OS 7.2r1.1, and JunosPulse Client 3 takes some time to fail over from ESP to SSL transport.
On the SSL VPN side, I forced it to SSL and it's working perfectly without any delay or without opening any extra port on the firewall.
And the tunnel is over SSL.
06-19-2012 07:48 AM
Currently, I am using SSL Tunnel (layer 4) and not facing any performance issue. The advantage of using this SSL tunnel: no need to open any port on the server (SSL-VPN) or client side.