Can you please indicate which version you're using, and

what happens if you deactivate dynamic vpn in the config ?

Hi shinn,

welcome to the forum. Did i understand you correct that when you enter the IP address from your srx to access the gui, you will be directly redirected to the dynamic-vpn login page?

Did you use this pdf to configure dynamic-vpn?

http://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/dynamic-vpn-appnote-v12.pdf

Hi pkc,

Yes , i just upgraded to 10.3r1.9 for both JUNOS software and Web Management

Hi Sebastian,

 Yes, It keep redirecting me to the dynamic-vpn page.  I use that pdf guide to configure dynamic-vpn but failed. I m using freeradius as radius server. Any idea on configure radius server?

Hi Adam,

yes i m using 10.3. Thanks for your info.

But it seem the only solution is to separate the interface for both? Am i right?

Current senario is i am sharing both(jweb enabled&dynamicvpn configured) with a same interface. It will Navigates to the dynamic VPN login page.

Is not working after i tried it. Anything i configured wrong?

root@test# show system services web-management
management-url my-jweb;
http {
    interface [ ge-0/0/0.0 ge-0/0/2.0 ge-0/0/3.0 vlan.200 vlan.100 ge-0/0/4.0 ];
}
https {
    system-generated-certificate;
    interface [ ge-0/0/0.0 ge-0/0/2.0 ge-0/0/3.0 ge-0/0/4.0 vlan.100 vlan.200 ];
}

[edit]
root@test#

So i should type http://x.x.x.x/my-jweb to login, am i right? But i getting "http 404 Not Found"

Hi,

Yes, http://yourip/my-jweb/ should work

attached a config of the test I did of this, with freeradius.

Might want to do some traces.

Hi Adam,

Thanks for replying.

I m not able access with http://x.x.x.x/my-jweb/, getting access error :404--Not Found.

I have configured almost the same with your config for dynamic vpn

Is it need to configure routing for the vpn client?

May i know how you configure your freeradius???

test-user       Cleartext-Password := "testpass"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 192.168.0.10,
        Framed-IP-Netmask = 255.255.255.0,

client 10.10.10.1/24 {
        secret          = testsecret
        shortname       = SRX
}

Hi,

You are great. Yes, i able to access using http://ipaddress/login. It's work.

But not http://ipaddress/my-jweb. Wonder why ..^^

Actually nothing different the config of your and mines. Just worry something goes wrong for my freeradius config that actually deny assigning ip address. My freeradius is window based, not linux.

Dynamic vpn not working. The srx that implemented actually is behind one load balancer linkproof. However, i dont think have anything to do with it, and may be for NATing it does tho..

This is the zones setting:

root@test# show security zones

security-zone untrust {

    screen untrust;

    host-inbound-traffic {

        system-services {

            all;

        }

        protocols {

            all;

        }

    }

    interfaces {

        ge-0/0/4.0;

    }

}

basically, everything is all. Restarted the web-management too. Still failed.

I might be wrong, but to me it seems like it didn't manage to parse "management-url", try a "commit full". Else you could try and remove the management-url, commit, and then adding it again, see if it makes any difference to the outcome. If it still doesn't work after that I really don't know. Someone else might be able to answer you then.

When it comes to dynamic-vpn, what part doesn't work ? Do you get successful authentications in your radius.log ?

in freeradiusd.conf you can enable auth logging with "auth = yes"

I've noticed different versions of freeradius got different syntax in users configuration, which will cause a correct password to still fail. See the example configuration in your "users" and note exactly how it's written.