01-01-2011 03:28 PM
Does anyone have any experience setting up a VPN with an SRX210?
I need assistance as I am having no luck whatsoever making it work...
If you have gtalk or aim, even better. Please help if possible.
01-01-2011 04:16 PM
Sent you a private message. Trying to configure a VPN on an SRX210 for employees. We have a Windows 2008 domain controller. Users who sign into the VPN must authenticate against this, and get an IP address from the domain controller... Where do I start?
01-01-2011 04:21 PM
I think it is best to stay in the public forum so that others can follow the thread. One option would be to let Windows handle the whole VPN stuff and just allow incoming PPTP and GRE traffic on the SRX (in case you do PPTP VPN; other options are L2TP over IPSec or the SSL tunneled VPN, introduced with Windows Server 2008). This requires configuring the Routing and Remote Access service. The advantage is the close AD integration, which must otherwise be configured through RADIUS.
If you would like to handle all VPN-related stuff on the SRX, this can be achieved, as mentioned, by using RADIUS and the Pulse/Dynamic VPN client.
01-01-2011 04:31 PM
A good introduction to Dynamic VPN is this KB article:
To achieve your goal, more things need to be taken into account: RADIUS integration of your DC, probably the Pulse client, etc.
But I suggest you look at this article and come back with concrete questions.
01-01-2011 04:45 PM
Yes, you need a RADIUS server. SRX can't speak LDAP. Luckily, the built-in IAS (or Network Policy and Access Services, as it is called in Windows Server 2008 and above) will work perfectly, integrates well into AD and is free of charge.
01-01-2011 04:49 PM
OK, so I will configure the 2008 domain controller to be a RADIUS server as well... Then what is my next step for configuring the SRX210? The instructions are very difficult to navigate. I know I need to go to https://-ipaddress/dynamic-vpn at some point.
01-01-2011 05:08 PM
I personally prefer the PULSE client to connect. This KB article addresses the PULSE-specific steps:
The general approach remains the same. This KB article addresses the general steps in great detail:
01-01-2011 05:12 PM
Okay, so I configured my domain controller as a RADIUS server, and I set the SRX210 as a client. What do I need to do now on the SRX210 to allow me to log in via the RADIUS server? Thanks for the input so far.
01-01-2011 05:15 PM
I suggest installing JUNOS 10.4 R1 on your SRX. Then you can use the interactive VPN wizard from the GUI. This PDF from the KB article I mentioned contains detailed step-by-step instructions for doing so, including configuring the SRX as a RADIUS client:
01-01-2011 06:52 PM
RADIUS should always be the first entry. To have the local database as second, you can use this order:
set system authentication-order [ radius password ]
Nevertheless, this only applies if you want to handle users for firewall management over RADIUS. For VPN authentication, you would use this command:
set access profile dyn-vpn-access-profile authentication-order radius
Example from the PDF.