ScreenOS Firewalls (NOT SRX)
Contributor
miked
Posts: 59
Registered: ‎11-05-2007

Junos Pulse

Does anyone know if Junos Pulse will or will ever work with the SSG line?

Mike
Recognized Expert
aweck
Posts: 255
Registered: ‎07-24-2009

Re: Junos Pulse

Last I heard, Pulse 1.0 only supports dynamic VPN to SRXs and not SSGs.  I don't know about future support.

Juniper Elite Partner
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL
Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011

Re: Junos Pulse

Does Junos Pulse client support SSG IPSec VPN?

Which IPSec VPN Clients would you recommend to use with SSG IPSec VPN remote user access?

Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Distinguished Expert
echidov
Posts: 858
Registered: ‎11-02-2009

Re: Junos Pulse

Hi,

NCP IPSec VPN client Juniper Edition is an excellent product (http://www.ncp-e.com/). A free alternative is the ShrewSoft client (http://www.shrewsoft.com/).

The built-in Windows 7 VPN client can also be used with the certificates and L2TP-over-IPSec. But there is a bug in ScreenOS (tested with 6.3). If multiple users try to establish a VPN from behind the same FW or another NAT-enabled device, using NAT-T, only the first user succeeds. The multiple IPSec VPNs are established correctly but only the first L2TP tunnel starts. The second tunnel cannot be started because ScreenOS incorrectly interprets the L2TP packets from the second client as arriving through the first L2TP tunnel. I consider it a bug because the IPSec SA contains the original (private) client IPs (unique IPs) along with the public IP (the same) used for the NAT-T. ScreenOS should be able to sort out which packet belongs to which client. Besides, L2TP packets are transported across the two different IPSec tunnels and each L2TP tunnel is paired with its own IPSec tunnel.

Kind regards,
Edouard
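
The misattribution described in the post above can be reproduced with a small model. This is an added example, not part of the original thread and not ScreenOS code: it assumes a gateway that looks up L2TP tunnels by the peer's public address and port, and compares that with a lookup that also uses the IPsec SA. The class, function names, addresses and SPI values are constructed for illustration.

```python
# Simplified model of L2TP tunnel lookup on a VPN gateway (illustration only,
# not ScreenOS code). All addresses, SPIs and names are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class DecryptedL2TP:
    spi: int          # inbound IPsec SA the packet was decrypted with
    public_src: str   # source IP seen by the gateway (the shared NAT address)
    private_src: str  # original client IP recorded in the IPsec SA
    l2tp_sport: int   # L2TP UDP source port (1701 on both clients)
    msg: str          # L2TP control message type

# Two clients behind one NAT device, each with its own IPsec SA.
SAMPLE = [
    DecryptedL2TP(0x1001, "203.0.113.10", "192.168.1.10", 1701, "SCCRQ"),
    DecryptedL2TP(0x1002, "203.0.113.10", "192.168.1.11", 1701, "SCCRQ"),
]

def key_by_public_peer(pkt):
    # Assumed weak lookup: only what is visible after NAT.
    return (pkt.public_src, pkt.l2tp_sport)

def key_by_ipsec_sa(pkt):
    # Lookup that pairs each L2TP tunnel with the SA that carried it.
    return (pkt.spi, pkt.private_src, pkt.l2tp_sport)

class Gateway:
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.tunnels = {}  # lookup key -> local L2TP tunnel id

    def receive(self, pkt):
        """Return the local tunnel id the packet is attributed to."""
        key = self.key_fn(pkt)
        if pkt.msg == "SCCRQ" and key not in self.tunnels:
            self.tunnels[key] = len(self.tunnels) + 1  # start a new tunnel
        return self.tunnels.get(key)

def attribute(key_fn, packets=SAMPLE):
    gw = Gateway(key_fn)
    return [gw.receive(p) for p in packets]

if __name__ == "__main__":
    print("public peer key:", attribute(key_by_public_peer))
    print("IPsec SA key:   ", attribute(key_by_ipsec_sa))
```

With the public-peer key both tunnel requests land on tunnel 1, which matches the symptom of only the first user connecting; with the SA-based key each client gets its own tunnel.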
Trusted Contributor
michael.saw
Posts: 1,048
Registered: ‎09-26-2011

Re: Junos Pulse

Hi echidov!

Thanks for the tip!!!
Thanks!

Michael