SRX Services Gateway
Contributor
Andron
Posts: 21
Registered: 08-15-2010

I cannot receive the IP address in the Virtual Adapter

I cannot receive the IP address in the Virtual Adapter.
FreeRadius works

> radtest andr andron 192.168.100.200 1812 135
Sending Access-Request of id 239 to 192.168.100.200 port 1812
        User-Name = "andr"
        User-Password = "andron"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
rad_recv: Access-Accept packet from host 192.168.100.200:1812, id=239, length=44
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.103.10
        Framed-IP-Netmask = 255.255.255.0

Help!

Contributor
microguy
Posts: 14
Registered: 09-01-2010

Re: I cannot receive the IP address in the Virtual Adapter

FreeRadius didn't work for me either. I then tried another free RADIUS server, i.e. TekRadius.

Please read my following post:

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Dynamic-VPN-with-Tek-Radius-Server/td-p/53370

Let me know if that works for you.

Contributor
Andron

Re: I cannot receive the IP address in the Virtual Adapter

I use CentOS, a Linux distribution. TekRadius is not suitable.
I can't get the Juniper Ethernet Adapter to appear when running ipconfig on the Windows XP client.

Contributor
Andron

Re: I cannot receive the IP address in the Virtual Adapter

This is my SRX-210 config:

JUNOS 10.3R1.9 built 2010-08-13

> show configuration security ike
proposal phase1-dynamic {
    description gr2-3des-sha;
    authentication-method pre-shared-keys;
    dh-group group2;
    authentication-algorithm sha1;
    encryption-algorithm 3des-cbc;
}
policy andron-d-ike {                   
    mode aggressive;
    description andron-dynamic-ike;
    proposals phase1-dynamic;
    pre-shared-key ascii-text "$9$3.Wr6/tleW7Nbev2aGif51RESKM"; ## SECRET-DATA
}
gateway andron-ike-gw {
    ike-policy andron-d-ike;
    dynamic hostname andron12;
    external-interface ge-0/0/0.0;
    xauth access-profile radius-server;
}


> show configuration security ipsec  
proposal phase2-dynamic {
    description esp-3des-sha1;
    protocol esp;
    authentication-algorithm hmac-sha1-96;
    encryption-algorithm 3des-cbc;
}
policy andron-ipsec-d {
    description andron-ipsec-dynamic;
    perfect-forward-secrecy {
        keys group2;
    }
    proposals phase2-dynamic;
}
vpn andron-vpn {
    ike {
        gateway andron-ike-gw;
        ipsec-policy andron-ipsec-d;
    }
}


> show configuration access              
profile radius-server {
    authentication-order radius;
    radius-server {
        192.168.100.200 {
            port 1812;
            secret "$9$j/HP5Fn/uBICA7-bwg4Fn6CO1lKMWX7"; ## SECRET-DATA
            timeout 5;
            retry 10;
        }
    }
}
firewall-authentication {
    web-authentication {
        default-profile radius-server;
    }
    traceoptions {
        flag all;
    }
}


> show configuration security policies from-zone untrust to-zone trust
policy untrust-to-trust {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        deny;
    }
}
policy andron {
    match {
        source-address any;
        destination-address any;
        application any;
    }
    then {
        permit {
            tunnel {
                ipsec-vpn andron-vpn;
            }
        }
    }
}


> show configuration interfaces
interface-range interfaces-trust {
    member fe-0/0/2;
    member fe-0/0/3;
    member fe-0/0/4;
    member fe-0/0/5;
    member fe-0/0/6;
    member fe-0/0/7;
}
ge-0/0/0 {
    description "WAN. Gigabit Ethernet Interface 'ge-0/0/0'";
    unit 0 {
        description WAN;
        family inet {
            address x8.x10.73x.17x/22;
        }
    }
}
fe-0/0/7 {
    description "To-Server. Fast Ethernet Interface 'fe-0/0/7'";
    unit 0 {
        description LAN-to-server;
        family inet {
            address 192.168.100.1/24;
        }
    }
}
lo0 {
    unit 0 {
        family inet {
            address 127.0.0.1/32;
        }
    }
}

> show configuration security dynamic-vpn
access-profile radius-server;
clients {
    andron {
        remote-protected-resources {
            192.168.100.0/24;
        }
        remote-exceptions {
            0.0.0.0/0;
        }
        ipsec-vpn andron-vpn;
        user {
            andron-radius;
        }
    }
}


This is my RADIUS users file (freeradius2 server):


cat /etc/raddb/users
andron-radius Cleartext-Password := "123456"
                Framed-IP-Address = 192.168.100.11,
                Framed-IP-Netmask = 255.255.255.0

Contributor
Andron

Re: I cannot receive the IP address in the Virtual Adapter

Debug output on the SRX:

srx-210% tail -f /var/log/auth-debug

Sep 27 16:55:38 AUTHEN - module(radius) return: ASYNC
Sep 27 16:55:38 RADIUS server 192.168.100.200:1812 was used for last request
Sep 27 16:55:38 Radius result is CLIENT_REQ_STATUS_SUCCESS
Sep 27 16:55:38 authd_radius_parse_message:generic-type:8
Sep 27 16:55:38 authd_radius_parse_message:generic-type:9
Sep 27 16:55:38 Framework - module(radius) return: SUCCESS

Is it OK?

The connection result field in the Connection Status window is empty.
The interface isn't present in the ipconfig list!

My brain is already broken! Help me, people!
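
Added example (not part of the thread, and not Juniper or FreeRADIUS code): the Access-Accept that radtest printed in the first post, rebuilt and parsed per RFC 2865, showing that its four attributes account for length=44 and that Framed-IP-Address and Framed-IP-Netmask are attribute types 8 and 9. Reading the `generic-type:8` and `generic-type:9` lines in auth-debug as those attribute types is an assumption; the packet bytes are constructed, with a zeroed authenticator.

```python
import ipaddress
import struct
# RADIUS attribute type numbers from RFC 2865.
ATTR_NAMES = {6: "Service-Type", 7: "Framed-Protocol",
              8: "Framed-IP-Address", 9: "Framed-IP-Netmask"}
ACCESS_ACCEPT = 2

def build_access_accept(ident, attrs):
    """Build an Access-Accept from (type, value) pairs; authenticator zeroed."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH16s", ACCESS_ACCEPT, ident, 20 + len(body), bytes(16)) + body

def parse_attributes(packet):
    """Return (code, id, [(type, name, value), ...]), rejecting bad lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("length field does not match the data received")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        value = packet[pos + 2:pos + a_len]
        attrs.append((a_type, ATTR_NAMES.get(a_type, "unknown"), value))
        pos += a_len
    return code, ident, attrs

def framed_addressing(attrs):
    """Return (address, netmask) from attribute types 8 and 9, or None."""
    found = {t: v for t, _, v in attrs if t in (8, 9) and len(v) == 4}
    if 8 not in found or 9 not in found:
        return None
    return tuple(str(ipaddress.IPv4Address(found[t])) for t in (8, 9))

# Constructed packet mirroring the radtest reply in the thread (id=239).
SAMPLE = build_access_accept(239, [
    (6, struct.pack("!I", 2)),  # Service-Type = Framed-User
    (7, struct.pack("!I", 1)),  # Framed-Protocol = PPP
    (8, ipaddress.IPv4Address("192.168.103.10").packed),
    (9, ipaddress.IPv4Address("255.255.255.0").packed),
])

if __name__ == "__main__":
    code, ident, attrs = parse_attributes(SAMPLE)
    print(code, ident, len(SAMPLE), framed_addressing(attrs))
```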