SRX

Hi,

I would like to ask if someone can guide me in a good direction as I could not find info on Juniper Website.

I have heard that Juniper has an on demand IP Sec VPN client software that can be used on stand alone laptops, PCs to connect to SRX and J series routers. This software should be free for one or 2 access and can be licensed for more.

This works with JunOS 9.5. Does anyone know where can I find this software for download and how to get license for more ?

I could not find any IP Sec solution in price list only for SSG, NS, ISG for ScreenOS. 

I would need this for a project and currently SSL VPN is not the option.

I would appreciate any replies on this.

Thanks in advance !

I have not used it (yet), but I believe what you are looking for is called Dynamic VPN on the SRX series.  There should be information about configuring it in the SRX Documentation.  To download the vpn client, I believe you just browse to <ipofSRX>/dynamic-vpn or something close to that.

Good luck

Thanks a lot for the info...;)

I have found the documentation... however it states you can download the Access Manager from Juniper site....there is no sign of that...

Cheers and thanks again !

Wimclend is correct.
It is called Dynamic VPN, and is only available on the SRX210 and SRX240 devices.
It is documented in Part 5, Chapter 20, page 639 of the Security Configuration Guide:
http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-security/junos-security-swconfig-security.pdf

Yes, the documentation says that you can download the Access Manager client from the Juniper website.  It is currently embedded in the Branch SRX-series Install Package.  Juniper's plan is to also have a separate package for the client, but it is not available as of yet.  Note:  The Access Manager Client is included in 9.5. You only need to do download a new Access Manager client from the support site if you need to 'update' the Access Manager Client because of some issue. 

Regards,
Josine

Note:  When I first posted this reply I included the SRX650.  However, I was mistaken.  The Dynamic VPN feature is for the SRX210 and SRX 240.   Please see SRX VPN Config & Troubleshooting Guide.

I have also seen and configured this on a new SRX-100 using JUNOS 10.x. Works fairly well so far.

HI all,

I would like to imput my expreiences with the dynamic VPN client.

I am using Juniper Access Manager version: 1.1.0.5783

So far I give the client 3/5 there are some little things that make me angry

1. Double authentication not sure if this is a bug or feature but my users have to authenticate twice in order for the VPN client to connect

2. Random disconnects my users get prompted to authenticate once they are on the VPN session I assume this has something to do with IKE timers so I set mine longer. But it happens randomly

3. When I access resources that are located at a branch location (connected via site to site VPN to the HO location) VPN client prompts me to re-authenticate

This client works great for Windows 7 machines! so far I find it pretty helpful once they fix the bugs this is going to be a great client!

Hi Pentin,

Where can I find the Access Manager on the support side. I want to make sure my clients have the latest version.

Thanks

The Access Manager Client downloads from your SRX Appliance when you connect to it via https://SRX-IP/dynamic-vpn

It's important to note (in case anyone finds this old thread) that Windows 7 is not officially supported for the dynamic vpn client.  We've tried it and it's not stable although it will work for a few hours, maybe even a day before it dies.  Sometimes we just log back in.  Other times we need to completely uninstall it, reboot, reinstall it.

JTAC's stance is that it's not supported and won't assist.  We should also note that we haven't been able to get any other third party vpn clients to work with our srx240's either...  It's been our experience that, and from speaking with other customers at our datacenter, that the juni vpn is notriously bad.

---

@PentinProcessor wrote:

Wimclend is correct.
It is called Dynamic VPN, and is only available on the SRX210 and SRX240 devices.
It is documented in Part 5, Chapter 20, page 639 of the Security Configuration Guide:
http://www.juniper.net/techpubs/software/junos-security/junos-security95/junos-security-swconfig-security/junos-security-swconfig-security.pdf

Yes, the documentation says that you can download the Access Manager client from the Juniper website.  It is currently embedded in the Branch SRX-series Install Package.  Juniper's plan is to also have a separate package for the client, but it is not available as of yet.  Note:  The Access Manager Client is included in 9.5. You only need to do download a new Access Manager client from the support site if you need to 'update' the Access Manager Client because of some issue. 

 

Regards,
Josine

 

 

Note:  When I first posted this reply I included the SRX650.  However, I was mistaken.  The Dynamic VPN feature is for the SRX210 and SRX 240.   Please see SRX VPN Config & Troubleshooting Guide.

Message Edited by PentinProcessor on 06-04-2009 08:25 AM

Message Edited by PentinProcessor on 07-28-2009 07:22 AM

Message Edited by PentinProcessor on 07-28-2009 07:25 AM

---

If you say Dynamic VPN is only available on the SRX210 and 240 then why is it listed for the SRX100 as well?

http://www.juniper.net/us/en/local/pdf/datasheets/1000281-en.pdf (page 7)