Message Image

Skip main navigation (Press Enter).

SRX

last person joined: 3 days ago

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Back to discussions

Expand all | Collapse all

Upgrading SRX210 Broke Dynamic VPN

Jump to Best Answer

Erdem12-29-2015 09:23

Hello, I recently upgraded my SRX210 to Junos 12.1X46-D40.2, and after doing so my dynamic VPN ...

Erdem12-29-2015 09:39Best Answer

Wow, I missed the post right below mine! Aparantley it's a bug... http://forums.juniper.net/ ...

1. Upgrading SRX210 Broke Dynamic VPN

0 Recommend
Erdem
Posted 12-29-2015 09:23

Reply Reply Privately
Hello,

I recently upgraded my SRX210 to Junos 12.1X46-D40.2, and after doing so my dynamic VPN no longer works. If I try to connect via the pulse client, it says "your connection has failed" for a split second, and then retries. I never get to the place where I can enter username and password. Since the pulse client can no longer be downloaded from the SRX, I downloaded the x64 bit version of the client somewhere on Juniper's website. That client also has the same problem...

What could have changed? My configuration hasn't changed at all, but I'm wondering if there's an additional setting that needs to be made now after the upgrade? I found a command you can run that aparantley checks your VPN configuration:

Syntax

config-check;

Hierarchy Level

[edit security dynamic-vpn]

It tells me after I commit:

'policy ipsec-dyn-vpn-policy'
Missing mandatory statement: 'perfect-forward-secrecy'

Never even seen this statement in most dynamic vpn configurations... Am I missing something?

Thanks,
2. RE: Upgrading SRX210 Broke Dynamic VPN
Best Answer

0 Recommend
Erdem
Posted 12-29-2015 09:39

Reply Reply Privately
Wow, I missed the post right below mine! Aparantley it's a bug...

http://forums.juniper.net/t5/SRX-Services-Gateway/SRX-Dynamic-VPN-Issue/td-p/285453

Powered by Higher Logic