ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Junos Pulse

09.30.10   |  
‎09-30-2010 05:42 AM

Does anyone know if Junos Pulse will or will ever work with the SSG line?

Mike
4 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Junos Pulse

10.06.10   |  
‎10-06-2010 06:50 AM

Last I heard, Pulse 1.0 only supports dynamic VPN to SRXs and not SSGs.  I don't know about future support.

Juniper Elite Partner
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL
Highlighted
ScreenOS Firewalls (NOT SRX)

Re: Junos Pulse

04.10.12   |  
‎04-10-2012 08:28 PM

Does Junos Pulse client support SSG IPSec VPN?

 

Which IPSec VPN Clients would you recommend to use with SSG IPSec VPN remote user access?

Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
ScreenOS Firewalls (NOT SRX)

Re: Junos Pulse

04.11.12   |  
‎04-11-2012 01:54 AM

Hi,

 

NCP IPSec VPN client Juniper Edition is an excellent product (http://www.ncp-e.com/). A free alternative is the ShrewSofrt client (http://www.shrewsoft.com/).

The built-in Windows 7 VPN client can also be used with the certificates and L2TP-over-IPSec. But there is a bug in ScreenOS (tested with 6.3). If multiple users try to establish a VPN from behind the same FW or another NAT-enabled device, using NAT-T, only the first user succeeds. The multiple IPSec VPNs are established correctly but only the first L2TP tunnel starts. The second tunnel cannot be started because ScreenOS incorrectly interprets the L2TP packets from the second client as arriving through the first L2TP tunnel. I consider it as a bug because the IPSec SA contains the original (private) client IPs (uniq IPs) along with the public IP (the same) used for the NAT-T. ScreenOS should be able to sort out which packet belongs to which client. Besides, L2TP packets are transported accross the two different IPSec tunnels and each L2TP tunnel is paired with its own IPSec tunnel.

Kind regards,
Edouard
ScreenOS Firewalls (NOT SRX)

Re: Junos Pulse

04.11.12   |  
‎04-11-2012 09:38 AM
Hi echidov!

Thanks for the tip!!!
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT/SEC, JNCIP-ENT
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"