SRX Services Gateway
Reply
Contributor
microguy
Posts: 14
Registered: ‎09-01-2010
0

SRX Dynamic VPN with Tek Radius Server

 

Hello guys,

 

I have been configuring Dynamic VPN on my SRX 210 device, since I didn't have Steel Belted Radius server and had to use a free radius server. Therefore I tried freeradius server which didnt work for me. I then installed TekRadius server which is also a free software and worked perfectly fine.

 

I faced loads of difficulties while configuring this radius thing for dynamic vpn. On netscreen, it was pretty much easy to configure dialup vpn.

 

All you need to do is, download the tekradius server from http://www.tekradius.com/download.html

 

Create a username which you configured on the SRX device, after creating the username, add three attributes to the user.

 

1. UserPassword         (check)

2. FrammedIP               (success-reply)

3. FrammedNetmask  (success-reply

 

Then come under 'client' tab and define the IP address of your SRX device, type in the secret key and select 'juniper' as the vendor.

 

Then user 'Setting' tab, there you will have to define the service parameters along with SQL settings.

 

save theconfiguration and restart the tekradius service.

 

Make sure that the listening port and the secret key are same on both tekradius and SRX device.

 

If the configurations are defined properly then the user would be able to get connected with the protected source but he might not be able to access the protected resource.

 

To rectify the issue, you would need to define a proxy arp on the interface connected to protected resource.

 

Follow this http://kb.juniper.net/KB17442

 

If you find my post helpful, then please mark this helpful

 

Regards,

Fahad Afzal 

 

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.