Hello,
I recently upgraded my SRX210 to Junos 12.1X46-D40.2, and after doing so my dynamic VPN no longer works. If I try to connect via the pulse client, it says "your connection has failed" for a split second, and then retries. I never get to the place where I can enter username and password. Since the pulse client can no longer be downloaded from the SRX, I downloaded the x64 bit version of the client somewhere on Juniper's website. That client also has the same problem...
What could have changed? My configuration hasn't changed at all, but I'm wondering if there's an additional setting that needs to be made now after the upgrade? I found a command you can run that aparantley checks your VPN configuration:
Syntax
Hierarchy Level
[edit security dynamic-vpn]
It tells me after I commit:
'policy ipsec-dyn-vpn-policy'
Missing mandatory statement: 'perfect-forward-secrecy'
Never even seen this statement in most dynamic vpn configurations... Am I missing something?
Thanks,