SRX Services Gateway
Contributor
tekguy2k
Posts: 27
Registered: ‎01-01-2011

VPN Configuration

Does anyone have any experience setting up a VPN with an SRX210?

I need assistance as I am having no luck whatsoever making it work...

If you have gtalk or AIM, even better. Please help if possible.

Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008

Re: VPN Configuration

What's your problem, mate? :)

Regards,

Dominik

JNCIE et al.

--
The Axiom of Choice is obviously true, the well-ordering principle obviously false, and who can tell about Zorn's lemma?
Contributor
tekguy2k
Posts: 27
Registered: ‎01-01-2011

Re: VPN Configuration

Sent you a private message. I am trying to configure a VPN on an SRX210 for employees. We have a Windows 2008 domain controller. Users who sign into the VPN must authenticate against this and get an IP address from the domain controller... Where do I start?

Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008

Re: VPN Configuration

I think it is best to stay in the public forum so that others can take part in the thread. One option would be to let Windows handle the whole VPN stuff and just allow incoming PPTP and GRE traffic on the SRX (in case you do PPTP VPN; other options are L2TP over IPsec or the SSL-tunneled VPN introduced with Windows Server 2008). This requires configuring the Routing and Remote Access service. The advantage is the close AD integration, which must otherwise be configured through RADIUS.

If you would like to handle all VPN-related stuff on the SRX, this can be achieved, as mentioned, by using RADIUS and the Pulse/Dynamic VPN client.

Regards,

Dominik

Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008

Re: VPN Configuration

A good introduction to Dynamic VPN is this KB article:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB14318

To achieve your goal, more things need to be taken into account: RADIUS integration of your DC, probably the Pulse client, etc.

But I suggest you look at this article and come back with concrete questions.

Regards,

Dominik

Contributor
tekguy2k
Posts: 27
Registered: ‎01-01-2011

Re: VPN Configuration

A question is this... Do I need a RADIUS server? I thought the firewall can authenticate to the domain controller via LDAP... Sorry, I am new at this.

Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008

Re: VPN Configuration

Yes, you need a RADIUS server. SRX can't speak LDAP. Luckily, the built-in IAS (or the Network Policy and Access Services, as they are called in Windows Server 2008 and above) will work perfectly, integrate well into the AD and are free of charge.

Contributor
tekguy2k
Posts: 27
Registered: ‎01-01-2011

Re: VPN Configuration

OK, so I will configure the 2008 domain controller to be a RADIUS server as well... Then what is my next step for configuring the SRX210? The instructions are very difficult to navigate. I know I need to go to https://-ipaddress/dynamic-vpn at some point.

Recognized Expert
Dominik
Posts: 392
Registered: ‎01-05-2008

Re: VPN Configuration

I personally prefer the PULSE client to connect. This KB article addresses the PULSE-specific steps:

http://kb.juniper.net/InfoCenter/index?page=content&id=KB17641

The general approach remains the same. This KB article addresses the general steps in great detail:

http://kb.juniper.net/InfoCenter/index?page=content&id=TN7

Regards,

Dominik

Contributor
tekguy2k
Posts: 27
Registered: ‎01-01-2011

Re: VPN Configuration

Okay, so I configured my domain controller as a RADIUS server, and I set the SRX210 as a client. What do I need to do now on the SRX210 to allow me to log in via the RADIUS server? Thanks for the input so far.
