SRX Services Gateway
Reply
Contributor
JNSSJNSS
Posts: 28
Registered: ‎03-28-2009
0

IPsec VPN Support

Hi,

 

Does juniper SRX 240 support Macintosh Clients for establishing VPN?

Super Contributor
tbehrens
Posts: 348
Registered: ‎04-30-2010
0

Re: IPsec VPN Support

You know, I had to look this up. I had forgotten. The answer is: No. Both JunOS Pulse and the SRX-supplied dynamic VPN client only work on Windows. For now.

 

Unless you really like RADIUS servers, you want to wait for JunOS 10.4r2 anyway before deploying dynamic VPN (10.4r1 of you are feeling adventurous, of course). By that time, who knows, a Pulse client for OSX that supports SRX VPNs may have been released.

 

I wouldn't hold my breath, though.

 

Contributor
JNSSJNSS
Posts: 28
Registered: ‎03-28-2009
0

Re: IPsec VPN Support

Thanks. Is there any workaround caz as far as i know NCP has support for MAC OS. I m keen on MAC and Linux client support. :smileyindifferent:

Super Contributor
tbehrens
Posts: 348
Registered: ‎04-30-2010
0

Re: IPsec VPN Support

Snow Leopard has an IPSEC VPN client built in, doesn't it? Previous versions show L2TP/IPSEC, but I think 10.6 can do native IPSEC. You'll know more about that than I do.

 

Similarly, Linux has native IPSEC VPN clients.

 

I'd use one of those clients with JunOS 10.4 (due out any day now). I think 10.4 will have support for pre-shared key on dynamic VPN - release notes will be the final word on that - and that means 3rdparty clients should work with a minimum of pain. I know 10.4 will drop the RADIUS server requirement, which is welcome.

 

Contributor
coolblue
Posts: 40
Registered: ‎05-19-2011
0

Re: IPsec VPN Support

Hi!

 

how must I configure the SRX 210 to support the Snow Leopard native IPSec Client? In the configuration menu it says it is a "Cisco IPSec" Client.

 

With standard dynamic vpn setup it don't work.

 

Error:

Jul  2 01:44:19 KMD_PM_P1_POLICY_LOOKUP_FAILURE: Policy lookup for Phase-1 [responder] failed for p1_local=ipv4(any:0,[0..3]=212.185.189.213) p1_remote=ipv4(any:0,[0..3]=77.183.186.96)


Visitor
kerry
Posts: 6
Registered: ‎04-24-2010
0

Re: IPsec VPN Support

[ Edited ]

You could try looking at the Shrew client - I've installed this on a Mac and got it connected to an SSG OK. Other posts here describe configuring Shrew to connect to an SRX.

 

 

Contributor
coolblue
Posts: 40
Registered: ‎05-19-2011
0

Re: IPsec VPN Support

Is this compatible with Dynamic VPN on the SRX?

 

I look at shrew and on the homepage there are only official builds for linux and windows?!?

Visitor
kerry
Posts: 6
Registered: ‎04-24-2010
0

Re: IPsec VPN Support


coolblue wrote:

Is this compatible with Dynamic VPN on the SRX?

 

I look at shrew and on the homepage there are only official builds for linux and windows?!?


 

Other people in this forum have posted configs for Shrew to SRX Dynamic VPN, and I can definitely confirm a Shrew OSX client works fine to a ScreenOS firewall.

 

Details on a Shrew OSX client can be found here : http://lists.shrew.net/pipermail/vpn-help/2010-November/003223.html

It requires are pretty large download for the QT package.

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.