SRX Services Gateway
Reply
cy
Contributor
cy
Posts: 75
Registered: ‎09-28-2010
0
Accepted Solution

srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade

Hi,

 

i upgraded an SRX210 from 10.1 to 11.4R4.4 last night, and now it is not handing out the DNS server ip to dynamic-vpn clients anymore.

 

i use pulse, and i only get this for dns servers:

 

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1

 

The Configuration of the SRX has not been changed, neither has the Exchange Server that manages Radius for Authentication.

 

Do i have to change the config for 11.4 to work? i read the release notes but i didnt find any clue.

 

thx in advance,

 

Chris

 

--

You can also find me on Freenode IRC in #juniper, my handle is "cy[]"
Distinguished Expert
MMcD
Posts: 628
Registered: ‎07-20-2010
0

Re: srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade

Hi,

 

It sounds like a bug to me,  is there any specific reason you want to go to 11.4 rather than the recommended release of JUNOS 10.4R10.7?

 

If you want to go to 11.1 R4.4 I know this works without issue.   I have it on a box running dynamic vpns successfully.

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
cy
Contributor
cy
Posts: 75
Registered: ‎09-28-2010
0

Re: srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade

actually (thanks to Tim Eberhard, whom i love very much right now), i found out what went wrong.

 

apparently somewhere between 10.1 and 11.4 Juniper changed the radius "vendor-specific" Vendor code for DNS ( from 4874 to 2636 ).

You will find the new code in KB22482

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB22482&smlogin=true

The KB is from January 2012, so apparently it has been changed somehow recently.

 

Maybe this helps someone who runs into this, too.

--

You can also find me on Freenode IRC in #juniper, my handle is "cy[]"
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.