SRX Services Gateway
Reply
Contributor
George_Silverio
Posts: 10
Registered: ‎04-29-2010
0

Dynamic VPN Connections initiated from trust to Dynamic VPN Client

Hi there

 

We need acces some services hosted in dynamic VPN clients.

 

Terminal Service

VNC Server

Voip Softphone.

 

How Can I make it?

 

All connections initiated by Dynamic client work fine, but when initiated from trust zone, dont work....

 

 

Please... this is very important, In many other vendors it work fine.. And we change our firewall vendor thinking that it works...

 

How you can make this workaround?

 

Thanks!

George Silverio da Silva
JNCIS-ENT
IT security specialist
Distinguished Expert
MMcD
Posts: 629
Registered: ‎07-20-2010
0

Re: Dynamic VPN Connections initiated from trust to Dynamic VPN Client

When you say from Trust zone do you mean you are trying to initiate a vpn session from internally?

 

Can you post your config maybe please?  Also explain in detail what you wish to accomplish.  Users connecting from externally?

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Contributor
George_Silverio
Posts: 10
Registered: ‎04-29-2010
0

Re: Dynamic VPN Connections initiated from trust to Dynamic VPN Client

 

 

Example...

 

I have a Dynamic vpn client... and have a VNC Server installed on this client...

 

I cant connect to this vnc server on dynamic vpn client from Trust ZONE...

 

Junipers says it is not supported...

I have a great deception about it...

 

 

George Silverio da Silva
JNCIS-ENT
IT security specialist
Distinguished Expert
MMcD
Posts: 629
Registered: ‎07-20-2010
0

Re: Dynamic VPN Connections initiated from trust to Dynamic VPN Client

This is correct.  Dynamic VPN only supports untrust-to-trust so to speak.  It is not bi-directional and I havnt read anything about it being added as a feature yet either.

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Contributor
George_Silverio
Posts: 10
Registered: ‎04-29-2010
0

Re: Dynamic VPN Connections initiated from trust to Dynamic VPN Client

How you act when need softphones working on dynamic-vpn client

 

Thanks

George Silverio da Silva
JNCIS-ENT
IT security specialist
Distinguished Expert
MMcD
Posts: 629
Registered: ‎07-20-2010
0

Re: Dynamic VPN Connections initiated from trust to Dynamic VPN Client

You cannot have a connection initiated from trust to the untrust (dynamic vpn).  Therefore softphones would not work with a Dynamic VPN setup.

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Contributor
George_Silverio
Posts: 10
Registered: ‎04-29-2010
0

Re: Dynamic VPN Connections initiated from trust to Dynamic VPN Client

Ok... it I undesrtood...

My question is... Do you suggest some kind workaround to make softphone work...?

 

How people are configuring to make softphone work in remote clients?

 

SRX240 - 10.4R8.5

George Silverio da Silva
JNCIS-ENT
IT security specialist
Contributor
rotearc
Posts: 82
Registered: ‎07-10-2010
0

Re: Dynamic VPN Connections initiated from trust to Dynamic VPN Client

How about using a 3rd party vpn client like shrewsoft?  That should get around the dynamic vpn limitation.

 

R

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.