SRX Services Gateway
Highlighted
SRX Services Gateway

Dynamic VPN Local Authentication

‎11-16-2010 01:59 PM

When Will Dynamic VPN  Support Local Authentication ( as it still needs Radius Server )

 

7 REPLIES 7
Highlighted
SRX Services Gateway

Re: Dynamic VPN Local Authentication

‎11-16-2010 02:05 PM

SSHSSH, your timing on asking these questions is excellent. I am pleased to say that Junos 10.4, right around the corner from release, will allow you to choose either local authentication or continue to use an external auth server such as RADIUS.


--mxk
Highlighted
SRX Services Gateway

Re: Dynamic VPN Local Authentication

‎11-16-2010 09:21 PM

Does 10.4 supports DHCP allocation to a dynamic vpn user now that it will support local authentication.

I do not want to set to to allocate a few ip address to a small group of dynamic vpn users.

Highlighted
SRX Services Gateway

Re: Dynamic VPN Local Authentication

‎11-16-2010 10:02 PM

Not in 10.4, you will have to configure a local address pool to be used to assign addresses to the remote users. 

 

Is your DHCP server running locally on the same device, or you are asking about the SRX generating a DHCP request when a VPN client connects?

Highlighted
SRX Services Gateway

Re: Dynamic VPN Local Authentication

‎11-17-2010 12:11 AM

dynamic vpn already supports local authentication.

 

I don't know if the config is supported by juniper, but it works fine on junos 10.2 and 10.3.

 

there are some threads at the srx community with config samples.

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Dynamic-VPN-Working-Config/m-p/60634/highlight...

Highlighted
SRX Services Gateway

Re: Dynamic VPN Local Authentication

‎11-17-2010 12:23 AM

Sure, but the issue there is not really the local auth part (that has always been supported) but rather the local pool management. 

Highlighted
SRX Services Gateway

Re: Dynamic VPN Local Authentication

‎11-17-2010 12:29 AM

Just to add to my previous comment.

 

We have no plans to do a DHCP request in place of the Dyn-VPN client.

 

However, due to some parallel work we are doing, it will be possible in the future (not in 10.4) to use the same pool for dyn-vpn access and dhcp assignments, provided that the SRX is both acting as the DHCP server as well as terminating the dynamic-vpn tunnels.

Highlighted
SRX Services Gateway

Re: Dynamic VPN Local Authentication

‎11-17-2010 03:19 AM

Thanks All