09-07-2010 01:16 AM
Have not try the "commit full" yet. Will try it.
I have done remove and add back, still failed. I tried remove management url and access using http://ipaddress/login, and still able too, seem like with or without the management url still able to login using http://ipaddress/login.
hmm..from the radius.log i have few rows are Auth: Login OK: [sangar/123456] (from client 192.168.1.1 port 0)
why it use port 0 . =.=??? i thought should be 1812 between radius and SRX
09-08-2010 11:58 PM - edited 09-09-2010 02:17 AM
http://ipaddress/login will work whether dynamic-vpn/management-url is configured or not, it just shows that web-management works, which is why I thought it somehow failed to parse your management-url statement.
Did the commit full work? or a different management-url name ?
Also, start with only one interface in the http interface statement, although only way I can reproduce your problem is if I add lo0.0 in that place.
Otherwise it feels like that pesky bug which I seem to get every now and then when using packet-filters which prevents the logged file from updating until i change name of the trace file.
My log shows the same so you should be fine.
09-10-2010 10:12 PM
Yes i done commit full. But that time wasn't show any change. I tried access today again without doing any commands change. It works right now. ^^
Thanks for your kind help. Really appreciate.
For the radius and dynamicvpn, still troubleshooting. The authentication can be done in local database without radius? seem like it can't. But the support engineer said it is possible. I wonder how the local database assigning the ip address to the vpn client. However, still waiting his answer.
09-16-2010 11:40 PM
I didn't test it behind NAT, the documentation says NAT traversal is enabled by default however, try it