SRX

last person joined: 14 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  SRX210: Settings for Client using Dynamic VPN

    Posted 03-10-2014 01:52

    Hi,

     

    i'm new to VPN with Juniper.

    I have a SRX210 and set up a dynamic VPN using the Webconfig. With my Windows 7 PC and Juniper Pulse i can connect to the SRX and reach my clients back at home.

     

    Now i try connect with my Android Smartphone. I'm trying to use this client:

    https://play.google.com/store/apps/details?id=de.ncp.vpn.basic

     

    I have trouble setting up the connection, as i'm not sure what i should set:

    Client is asking for "IKE ID / Group ID Type". I can select "IP Address" "FQDN" "FQ Username" and some others.


    Then its asking for the "IKE / Groupe ID".

     

    Somewhere here i think i go wrong. The Client cancels the connection every time with "No response in state Message 2".

     

    Can anyone tell me what i'm doing wrong?

     

    This is my ike/ipsec Config on the SRX:

     

    root@srx210# show security ike 
policy ike_pol_wizard_dyn_vpn {
    mode aggressive;
    proposal-set compatible;
    pre-shared-key ascii-text "XXXXX"; ## SECRET-DATA
}
gateway gw_wizard_dyn_vpn {
    ike-policy ike_pol_wizard_dyn_vpn;
    dynamic {
        hostname srx210;
        connections-limit 50;
        ike-user-type group-ike-id;
    }
    external-interface fe-0/0/7.0;
    xauth access-profile remote_access_profile;
}

policy ipsec_pol_wizard_dyn_vpn {
    proposal-set compatible;
}
vpn wizard_dyn_vpn {
    ike {
        gateway gw_wizard_dyn_vpn;
        ipsec-policy ipsec_pol_wizard_dyn_vpn;
    }
}

     

    For any hint or comment i would be very thankful.

     

    Sven



  • 2.  RE: SRX210: Settings for Client using Dynamic VPN

     


  • 3.  RE: SRX210: Settings for Client using Dynamic VPN

    Posted 03-10-2014 02:20

    Thanks. Any hint with which one i should start?



  • 4.  RE: SRX210: Settings for Client using Dynamic VPN

    Posted 03-10-2014 02:23

    Hi

     

    The Android Pulse client is for the SSL/MAG series only.  The SRX only supports the MAc/Windows Pulse client connections only.

     

    Please look at the following doc for supported mobile platforms.

     

    http://www.juniper.net/techpubs/software/pulse/releasenotes/j-pulse-mobile-5.0r1-supportedplatforms.pdf



  • 5.  RE: SRX210: Settings for Client using Dynamic VPN

    Posted 03-10-2014 02:27

    Yeah, i got that. That's why i use the client mentioned in my first posting. I HOPE it would work...



  • 6.  RE: SRX210: Settings for Client using Dynamic VPN
    Best Answer

     
    Posted 03-10-2014 02:38

    Ah! I missed to read platform properly.

    Third party clients cannot establish VPN connection with SRX.

    Junos uses properitary mechanism to push configuration/IPSec parameters.

     

    Regards,

    Raveen



  • 7.  RE: SRX210: Settings for Client using Dynamic VPN

    Posted 03-10-2014 02:41

    Nah, i was afraid of it. I hoped i could make it work somehow.

     

    Guess i have to life with that. Thanks!



  • 8.  RE: SRX210: Settings for Client using Dynamic VPN

     
    Posted 03-10-2014 02:47

    I understand your situation!

    You could mark the post as accepted solution that way it helps other as well, kudos will be cool 😉

     

    Regards,

    Raven



  • 9.  RE: SRX210: Settings for Client using Dynamic VPN

    Posted 03-10-2014 02:55

    Sure, you're right.

     

    Regards,

    Sven