srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade

cy · ‎09-28-2010

Hi,

i upgraded an SRX210 from 10.1 to 11.4R4.4 last night, and now it is not handing out the DNS server ip to dynamic-vpn clients anymore.

i use pulse, and i only get this for dns servers:

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1

The Configuration of the SRX has not been changed, neither has the Exchange Server that manages Radius for Authentication.

Do i have to change the config for 11.4 to work? i read the release notes but i didnt find any clue.

thx in advance,

Chris

--

You can also find me on Freenode IRC in #juniper, my handle is "cy[]"

MMcD · ‎07-20-2010

Hi,

It sounds like a bug to me, is there any specific reason you want to go to 11.4 rather than the recommended release of JUNOS 10.4R10.7?

If you want to go to 11.1 R4.4 I know this works without issue. I have it on a box running dynamic vpns successfully.

MMcD [JNCIS-SEC, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]

cy · ‎09-28-2010

actually (thanks to Tim Eberhard, whom i love very much right now), i found out what went wrong.

apparently somewhere between 10.1 and 11.4 Juniper changed the radius "vendor-specific" Vendor code for DNS ( from 4874 to 2636 ).

You will find the new code in KB22482

http://kb.juniper.net/InfoCenter/index?page=content&id=KB22482&smlogin=true

The KB is from January 2012, so apparently it has been changed somehow recently.

Maybe this helps someone who runs into this, too.

--

You can also find me on Freenode IRC in #juniper, my handle is "cy[]"

srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade

Re: srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade

Re: srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade