Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

sajidalisajid · ‎07-08-2010

Hi I am facing with JunosPulse v3.0.1.20017 to SA v7.2R1.1 (build 20761). The VPN Tunnel is getting established without any problem, but the response from remote server (ping/telnet/ssh or http) after 1 minutes and 30-55 seconds. Regards, Ali

everette.denney · ‎07-06-2011

I'm seeing the same issue. How are your boxes configured? We are doing cert auth first, then LDAP.

dark1587 · ‎08-01-2008

I'm tracking this issue as well. By chance, how is the SA deployed? Is it standalone or clustered, one-armed/two-armed configuration, and is the interface behind a firewall?

---
JNCIE-SEC #69, JNCIS-ENT, JNCIS-SSL, JNCIS-AC, JNCIA-IDP, JNCIA-WX

sajidalisajid · ‎07-08-2010

Hi everette.denney, I have only AD authentication and the best part is that JunosPulse 2.1.4.19851 perfectly work without any delay (same configuration/authentication etc). The problem start with JunosPulse 3.0.1.20017. Regards, Sajid

sajidalisajid · ‎07-08-2010

Hi Dark1587, I don't have any problem with JunosPulse 2.1, the start with Latest version of JunosPulse 3. SA is HA cluster and running in the DMZ (single arm deployment). Regards, Sajid

sajidalisajid · ‎07-08-2010

I have open a ticket with JTech, explained with SecureMeeting Session. But the problem with JTech, the tech guys are not able to understand the problem etc. Its almost a month and still they are not able to resolve it. Regards, Sajid

sajidalisajid · ‎07-08-2010

Solution

Open Below ports on the Firewall from Untrust to SSL-VPN Zone...

From SSL-VPN Guide:

For VPN tunneling to communicate, the following ports must be open: UDP port 4242 on loopback address TCP port 443 If using ESP mode, the UDP port configured on the Secure Access Service ( default is UDP 4500).

http://kb.juniper.net/InfoCenter/index?page=content&id=KB21762&actp=search&viewlocale=en_US&searchid...

Admin Guide: http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.2-adminguide.pdf

Pg # 740

Regards,

Sajid

everette.denney · ‎07-06-2011

Thanks Sajid. I'm going to try this solution. Did you have make changes on your endpoints? Or on the perimeter firewall? Thanks!

sajidalisajid · ‎07-08-2010

Hi Everette,

I just opened a port 4500 UDP on the firewall from Untrust to SSL-VPN.

Actually the problem is with JunosPulse Client v3 fallback from ESP to SSL tunnel.

Previous version v2.1 is switch quicky from ESP to SSL as fallback, but in v3 they have some delay.

its up to you either switch your connection profile from ESP to SSL or keep ESP and open port 4500 UDP.

VPN Tunneling Connection Profiles > "Connection Profile name"

Connection Settings

Transport

Default is

ESP (maximize performance) "Required port 4500 UDP to open on the Firewall"

2nd option

SSL (maximize compatibility) "work with port 443"

Let me know if you have any query.

Regards,

Sajid

EBailleul · ‎06-27-2011

Hi,

Version 2.1.x did not support ESP actually. It's a new feature of IVE 7.2 and Pulse 3.

b.r.

Emmanuel

Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Solution === Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Re: Solution === Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Re: Solution === Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)

Re: Solution === Re: Junos Pulse 3.0.1.20017 Reponse Issue from SA 7.2R1.1 (build 20761)