SSL VPN
Contributor
ricardonilsen

Using a Virtual OS in workstation

I'd like to know if Juniper has any documentation about problems using VPN SSL on a workstation using a virtual OS.

I can't make SAM work in a VM.

Thank you

Contributor
Kalex

Re: Using a Virtual OS in workstation

Hi Ricardo,

could you give us some more info?

As I understand it now, you're running a VMware VM under Workstation (Linux, Windows, ...?) and the OS in the VM has trouble running SAM (WSAM, JSAM?).

And what exactly is the problem? Do you e.g. have a WSAM destination that you cannot reach, although you have configured it in the SA?

Thanks in advance,

best regards

Alexander

Regards,
Alex
JNCIA-SSL,FWV,IDP, Security+,Network+,LPIC-1,MCSE:smileyfrustrated:,MCITP:EA
Contributor
ricardonilsen

Re: Using a Virtual OS in workstation

Hi Alex,

Yes, I have a workstation using Windows XP (virtual), and nothing that I use through the Secure Application Manager works. I can't see the access log.

Contributor
Kalex

Re: Using a Virtual OS in workstation

Hi Ricardo, thanks for clearing that up.

Did you:

- create a role that is assigned to the user and allows usage of the WSAM?

- create a resource profile that allows access to certain destinations and/or access by certain applications? OR

- create a resource policy that allows access?

Personally, I prefer the profiles as they are easily configurable (Resource Profile -> SAM -> WSAM Destinations)

And before I forget... can you reach the SA by using https://sa.domain.tld/ ?

And can you reach the destination from the SA itself? (Troubleshooting -> Tools -> ping destination)

Best of luck!
Alex

Regards,
Alex
JNCIA-SSL,FWV,IDP, Security+,Network+,LPIC-1,MCSE:smileyfrustrated:,MCITP:EA
Contributor
ricardonilsen

Re: Using a Virtual OS in workstation

Alex, thank you for your fast answer.

I tested the same rules using another workstation and they work well.

The problem is only when I use virtual machines.

That's the reason for my question.

Thanks

Contributor
Kalex

Re: Using a Virtual OS in workstation

Hmm.. do you use a NAT or Bridged NIC in your VM?

Does the VM get its IP by DHCP or is it static?

Regards,
Alex
JNCIA-SSL,FWV,IDP, Security+,Network+,LPIC-1,MCSE:smileyfrustrated:,MCITP:EA
Contributor
Kalex

Re: Using a Virtual OS in workstation

I'm having a little trouble connecting myself, but you should try this knowledge base article if it's available:

http://kb.juniper.net/KB9540

Regards,
Alex
JNCIA-SSL,FWV,IDP, Security+,Network+,LPIC-1,MCSE:smileyfrustrated:,MCITP:EA
Contributor
ricardonilsen

Re: Using a Virtual OS in workstation

Alex,

I'm using a 3G modem (USB), but the machine that's connecting through this modem is the virtual machine, not the physical machine.

We log in and access the web bookmarks, but it is not possible to use the applications (with SAM).

Thanks again

Ricardo Nilsen Moreno

JNCIA-FW / JNCIA-SSL / ITIL V3 Foundations

Contributor
Kalex

Re: Using a Virtual OS in workstation

Hi Ricardo,

recap, just to make sure:

- the VM has direct access to the USB port (forwarded from the host OS) and has 3G drivers and software installed

- 3G looks to be working fine (bookmarks etc.) and I'm assuming WSAM is not crashing,

- the host OS or other physical machines are able to connect and use WSAM as it should be.

So: WSAM simply cannot reach its destinations.

Did you try connecting the 3G modem to another physical system and connect WSAM?

Possibly, you may have problems with overlapping IPs:

- assume your destination is server.domain.local on 10.1.1.1/8

- and 3G address is e.g. 10.0.0.25/8

Your DNS probably resolved fine but WSAM is trying to connect to the IP on the 3G subnet, instead of the remote destination.

Regards,
Alex
JNCIA-SSL,FWV,IDP, Security+,Network+,LPIC-1,MCSE:smileyfrustrated:,MCITP:EA
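
The overlap hypothesis in the post above can be checked mechanically by comparing each configured destination against the client's directly connected subnets. This is an added example, not part of the original thread: the 3G address and the first destination come from the post, while the adapter names, the second adapter and the second destination are constructed for illustration.

```python
import ipaddress

# Constructed sample data. The 3G address and the first destination are the
# ones used in the post above; the other entries are invented for contrast.
LOCAL_INTERFACES = {
    "3g-modem": "10.0.0.25/8",
    "vm-nat": "192.168.80.128/24",
}
DESTINATIONS = {
    "server.domain.local": "10.1.1.1/8",
    "intranet.example": "172.16.5.10",
}


def on_link_conflicts(local_interfaces, destinations):
    """Return destinations whose IP lies inside a directly connected subnet.

    Such a destination looks "local" to the client, so traffic for it may be
    sent straight out of that adapter instead of reaching the remote host
    behind the SSL VPN (the hypothesis raised in the thread). When several
    local subnets contain the address, the most specific one (longest prefix)
    is reported, as a routing table would pick it.
    """
    ifaces = {n: ipaddress.ip_interface(c) for n, c in local_interfaces.items()}
    conflicts = []
    for host, cidr in destinations.items():
        # A prefix length on the destination is optional and ignored here.
        dest_ip = ipaddress.ip_interface(cidr).ip
        matches = [
            (iface.network.prefixlen, name, iface.network)
            for name, iface in ifaces.items()
            if iface.version == dest_ip.version and dest_ip in iface.network
        ]
        if matches:
            _, name, network = max(matches, key=lambda m: m[0])
            conflicts.append((host, str(dest_ip), name, str(network)))
    return conflicts


if __name__ == "__main__":
    for host, ip, name, network in on_link_conflicts(LOCAL_INTERFACES, DESTINATIONS):
        print(f"{host} ({ip}) falls inside {network} on adapter {name}")
```

On the client, the real adapter addresses would come from `ipconfig /all` output and the destinations from the WSAM resource profile.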
Moderator
cbarcellos

Re: Using a Virtual OS in workstation

Do you have the 3G card in PPP or Ethernet mode? I've seen better results when these cards were put into Ethernet mode.

I don't see why this wouldn't work. I've used a 3G modem connected to a VMware system in the past, and it worked fine.
