SRX

last person joined: 20 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade

    Posted 08-28-2012 05:37

    Hi,

     

    i upgraded an SRX210 from 10.1 to 11.4R4.4 last night, and now it is not handing out the DNS server ip to dynamic-vpn clients anymore.

     

    i use pulse, and i only get this for dns servers:

     

    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
    fec0:0:0:ffff::2%1
    fec0:0:0:ffff::3%1

     

    The Configuration of the SRX has not been changed, neither has the Exchange Server that manages Radius for Authentication.

     

    Do i have to change the config for 11.4 to work? i read the release notes but i didnt find any clue.

     

    thx in advance,

     

    Chris

     



  • 2.  RE: srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade

    Posted 08-28-2012 06:44

    Hi,

     

    It sounds like a bug to me,  is there any specific reason you want to go to 11.4 rather than the recommended release of JUNOS 10.4R10.7?

     

    If you want to go to 11.1 R4.4 I know this works without issue.   I have it on a box running dynamic vpns successfully.



  • 3.  RE: srx210 not handing out DNS ip to dyn-vpn clients after 11.4 upgrade
    Best Answer

    Posted 08-28-2012 08:47

    actually (thanks to Tim Eberhard, whom i love very much right now), i found out what went wrong.

     

    apparently somewhere between 10.1 and 11.4 Juniper changed the radius "vendor-specific" Vendor code for DNS ( from 4874 to 2636 ).

    You will find the new code in KB22482

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB22482&smlogin=true

    The KB is from January 2012, so apparently it has been changed somehow recently.

     

    Maybe this helps someone who runs into this, too.