Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  Unable to change user setting

    Posted 05-11-2012 07:21

    Hi

     

    I have created a dial up vpn policy on a ssg-5 using the wizard.

    I have used a single user profile for ID and now I want to allow multiple use of this user ID.

    But I get errors when I try to change it:

    First I get: user ike id check failed

    Then I get: You can only change the user status, IKE options and/or password for the current user.

     

    Is there a work around for that?



  • 2.  RE: Unable to change user setting

    Posted 05-11-2012 08:47

    Hi,

     

    You need to remove the user from the active VPN that they are currently tied to before you can make the change.

     

    Regards



  • 3.  RE: Unable to change user setting

    Posted 05-13-2012 12:00

    Thanks. That worked.

    Isn't it possible to use the same user on multiple connections? If I try to use a user with "Number of Multiple Logins with Same ID" larger than 1, I'm told that I have to use a group. If I put this user in a group, I'm told that I have to enable xauth.



  • 4.  RE: Unable to change user setting

    Posted 05-13-2012 12:13

    If I try to set the vpn to Dynamic with a remote id provided I get:

    VPN "VPN for Any" which use this IKE gateway have manually configured proxy ID

    fail set non-dial-up gateway

    Error in set ike gateway.




  • 5.  RE: Unable to change user setting

    Posted 05-15-2012 00:25

    Yes, you need to use IKE and Xauth. Please see

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB15272



  • 6.  RE: Unable to change user setting
    Best Answer

    Posted 05-15-2012 04:27

    You don't actually have to use XAuth (you can use a shared IKE user in a group with additional IKE users containing similar IKE IDs) but it's recommended for additional security.

     

    You can't edit a user that's currently in use by a VPN gateway, so the easiest way (other than deleting the VPN definition and starting from scratch) is to create a temporary dummy IKE user, then modify the VPN gateway to use this user. You should now be able to edit the original user (bumping up the Multiple Logins number), add it to a new group, modify the VPN gateway again to use the new group containing the original IKE user, and delete the dummy user.

     

    You now have a choice between adding additional IKE users, or additional XAuth users.



  • 7.  RE: Unable to change user setting

    Posted 05-15-2012 05:25

    Thanks for your answers. I'm setting up Xauth now 🙂