SRX Services Gateway
SRX Services Gateway

Dynamic VPN not connecting

‎07-02-2014 11:59 PM

Trying to setup a user VPN on a SRX 100b

 

Junos Pulse 2.0.3.11013

JUNOS Software Release [12.1R4.7]

 

Used the VPN Wizzard. After that I enabled IKE system service at the untrust zone. And decreased the maximum users from 50 to 2.

 

Checked the config with the throubleshooting guide, but without any luck. Pusle client on Windows 8.1 stays in 'Connecting...' state for indefinitely. This is after the certificte warning and login. Login credentials do work when browsing to the dynamic-vpn url.

 

Any tips?

Attachments

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: Dynamic VPN not connecting

‎07-03-2014 12:13 AM

Please install the latest pulse release Pulse 5.0R5, it is available on Juniper support site.

 

 

Highlighted
SRX Services Gateway

Re: Dynamic VPN not connecting

‎07-03-2014 12:32 AM

Hi,

 

Configuration looks good. so we need IKE trace and few other trace files for analysis.

 

I would suggest if possible  , you can upgrade your junos code to latest recommended release of 12.1X44-D35 and then test the connection.

 

Regards
rparthi

 

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too] .....

Highlighted
SRX Services Gateway
Solution
Accepted by topic author Sven-NL
‎08-26-2015 01:27 AM

Re: Dynamic VPN not connecting

‎07-03-2014 01:29 AM

Fixed it.

 

I did enable IKE on the zone untrust. Because I thought interfaces would inherent this setting. But it seems the do not.

 

 

After enabling system service IKE on the fe-0/0/0 interface itself it worked immediately.

 

 

security-zone untrust {

    screen untrust-screen;

    host-inbound-traffic {

        system-services {

            ping;

            ssh;

            https;                      

            ike;    <----- old config

        }

    }

    interfaces {

        fe-0/0/0.0 {

            host-inbound-traffic {

                system-services {

                    dhcp;

                    tftp;

                    ping;

                    ssh;

                    https;

                    snmp; 

                    ike;    <--------- added to get it to work.

                }

            }

        }

    }

}

 

 

Thanks for the tips guys.