SRX Services Gateway
SRX Services Gateway

SRX Dynamic VPN Issue - Pulse secure Mac/Android

‎04-04-2019 08:33 AM

Hello,

I have an SRX 220 that works fine with Dynamicc VPN on Windows 7 and with Pulse Secure.
It doesn't seem to connect with Android or Mac/Apple/IOS I get "Opps something went wrong. Please try again later".
As far as I know I'm running the latest version of Pulse on my Android test.  Juniper states that Pulse Secure client is compatable. 

"The SRX Dynamic VPN feature supports the following client OS versions:

Pulse

Vista (32-bit and 64-bit)
Windows XP (32-bit and 64-bit)
Windows 7 (32-bit and 64-bit)
Windows 8.0 (32-bit and 64-bit)
Windows 8.1 (32-bit and 64-bit)
MAC OS X 10.7.3 or higher (available with Pulse 5.0R3 or higher)

Pulse Secure's solution supports other client operating systems, including iPhone, iPad, Android, Blackberry, Mac OS X."

 

My SRX:
Model: srx220h2-poe
JUNOS Software Release [12.1X46-D65.4]


IKE Setup (Portions):

gateway gw_wizard_dyn_vpn {
ike-policy ike_pol_wizard_dyn_vpn;
dynamic {
hostname xxxxxx;
connections-limit 50;
ike-user-type group-ike-id;

}
vpn wizard_dyn_vpn {
ike {
gateway gw_wizard_dyn_vpn;
ipsec-policy ipsec_pol_wizard_dyn_vpn;

 

Any Ideas anyone? Thank you in advance!

-Scott

 

 

 

11 REPLIES 11
SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

‎04-04-2019 09:00 AM

Scott,

 

The fact that you can connect with a PC indicates that the SRX's configuration is correct. Can you confirm that the Pulse app in Android has an "SRX" connection type? My understanding is that it is not supported:

 

"Pulse IPSec connections to an SRX via the Dynamic VPN feature are supported on Windows Desktop OS, and MAC OS X (10.7.3 or higher) clients only, as listed in the solution section below.  They are not supported on iPhone, iPad, Android, Blackberry, and Mac OS X"

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB23960&actp=METADATA

 

I believe that the following line is misleading is the doc you shared: "Pulse Secure's solution supports other client operating systems, including iPhone, iPad, Android, Blackberry, Mac OS X."

 

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!
SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

‎04-04-2019 09:30 AM

Mark, Thank you for the reply.
That is misleadeing of Juniper then, saying that they do support the mobile APP. I agree my SRX is most liklely setup right as It does work with Win 7, Pulse Secure.

How would I check "Can you confirm that the Pulse app in Android has an "SRX" connection type?"

 

Thanks again,
Scott

 

SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

‎04-04-2019 09:51 AM

Scott,

 

When you create a new connection on Pulse (PC version) you select the connection type; if you are connecting to a SRX you will choose "Firewall (SRX)". Do you any this option in the mobile app?

 

I believe that the document you checked is no longer valid because of the [Archive] statement it has next to the title.

 

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!
SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

‎04-04-2019 11:13 AM

Thanks again Mark,

Indeed with the PC client I do connect with the Firewall option. The Moblie APP only starts with the URL or IP input, and then it goes out to connect from there with the error. No other options or screen pops up.  I was wondering if the SRX needs to be someway setup to handle IKEv2 to enable the mobile client to connect?  My config just shows IKE, I haven't tried playing with that, if its even possible on the SRX. Thank you again, Scott

 

SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

‎04-04-2019 11:23 AM

Scott,

 

I personally dont think that you will be able to connect from the mobile device being the fact that it doesnt have the Firewall (SRX) option. This is why the KB stated that dynamic VPN is not supported from mobile devices.

 

Please mark the post as Resolved if it applies.

 

 

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!
SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

‎04-05-2019 09:22 AM

Thank you again for the correspondence Mark. I believe you Smiley Wink

It's just odd that the KB below does say they support it from mobile devices.

https://kb.juniper.net/InfoCenter/index?page=content&id=KB23960&actp=METADATA

"Pulse Secure's solution supports other client operating systems, including iPhone, iPad, Android, Blackberry, Mac OS X"

V/r,
Scott

 

SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

[ Edited ]
‎04-08-2019 12:39 PM

Scott,

 

I do understand your point and agree with you. I just requested the KB article to be fixed and instead of:

 

  • "Pulse Secure's solution supports other client operating systems, including iPhone, iPad, Android, Blackberry, Mac OS X."

 

It will say:

 

  • "Even though Pulse Secure's solution supports other client operating systems, including iPhone, iPad, Android, Blackberry,      Mac OS X, you cannot connect from them to the SRX, only from the Operative Systems shown above"

 

Im hoping this will avoid any confusions in the future. Please mark the post as Resolved if you believe we have provided an accurate answer to your question.

 

Pura Vida from Costa Rica - Mark as Resolved if it applies.
Kudos are appreciated too!
SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

3 weeks ago

I do understand your point and agree with you. I just requested the KB article to be fixed and instead of:

 

  • "Pulse Secure's solution supports other client operating systems, including iPhone, iPad, Android, Blackberry, Mac OS X."

 

It will say:

 

  • "Even though Pulse Secure's solution supports other client operating systems, including iPhone, iPad, Android, Blackberry,      Mac OS X, you cannot connect from them to the SRX, only from the Operative Systems shown above"

what is diffrent in both above statements ??????

 

SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

3 weeks ago

The bottom line is that Pulse Secure used to be the official supported remote access client to the SRX but this is not longer the case.  Since the paths split about 2 years ago now the Pulse secure current versions have become incompatible with connecting on the SRX.

 

The new official client is NCP which does require an additional purchase.

 

The free open source Shrew Soft does still work on all the desktops I"ve used it on so far but does not support mobile clients.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

Thursday

@  Could You share working configuration with Shrew VPN? I think configuration is based on ike v2 ?

SRX Services Gateway

Re: SRX Dynamic VPN Issue - Pulse secure Mac/Android

Friday

I don't have access to that system anymore but it was ike v1 and an srx100 with the older Junos that is limited on that platform.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home