I'm evaluating a VSRX appliance (v15.1X49) to look into the viability of using it for a remote location. Up until now I've been having pretty good luck, but I'm having trouble getting a dynamic VPN built based on these instructions (https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-dynamic-vpns-with-pulse-...)
The problem I am running into is that when I try to start assigning the clients defined in the config with the dynamic VPN, it's acting like that part of the tree doesn't exist. Specifically:
[edit security]root# edit ?Possible completions:> address-book Security address book> advance-policy-based-routing Configure advance-policy-based-routing rules> alarms Configure security alarms> alg Configure ALG security options> analysis Configure security analysis> application-firewall Configure application-firewall rule-sets> application-tracking Application tracking configuration> certificates X.509 certificate configuration> dynamic-address Configure security dynamic address> firewall-authentication Firewall authentication parameters> flow FLOW configuration> forwarding-options Security-forwarding-options configuration> forwarding-process Configure security forwarding-process options> gprs GPRS configuration> group-vpn Group VPN configuration> idp Configure IDP> ike IKE configuration> ipsec IPSec configuration> ipsec-policy IPSec policy configuration> log Configure security log> nat Configure Network Address Translation> pki PKI service configuration> policies Configure Network Security Policies> resource-manager Configure resource manager security options> screen Configure screen feature> softwires Configure softwire feature> ssh-known-hosts SSH known host list> tcp-encap Configure TCP Encapsulation.> traceoptions Network security daemon tracing options> user-identification Configure user-identification> utm Content security service configuration> zones Zone configuration
Have I missed something earlier in the config, or is this just somethign that VSRX doesn't do?
vSRX will never get support for dynamic vpn. This is limited to SRX100, SRX200 and SRX300 series together with SRX550 and SRX650.
It's replacement is called "Remote access VPN client". There are also two concurrent connections included just as dynamic vpn.
The big issue with this solution is that you either have to buy an NCP VPN client license or get an open source VPN client to work (it's IKEv2 so it's standard-based).
More about remote access VPN client: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-remote-access-vpns-with-...
You can use NCP Exclusive Remote Access VPN Solution starting with Junos "15.1x49-d80"
Refer the VPN subsection under "New and Changed Features" and "changes in behavior and syntax" sections.
Understanding SSL Remote Access VPNs with NCP Exclusive Remote Access Clienthttps://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-remote-access-vpns-with-...
NCP Exclusive Remote Access VPN Solution for SRX Series/vSRX Firewalls
© 1999 - 2018 Juniper Networks, Inc.
All rights reserved