Has anyone here set up WebVPN on a Juniper SRX?  I've had a JTAC ticket running
for quite a while and they haven't been able to figure out why we can't
connect.  According to the logs the username is getting authenticated and
then the session drops for some reason. I'm about 6-7 hours on the phone
with JTAC so far - hoping someone has some ideas ;)

 

Thanks ;)

 

 

SRX210 running 10.0R3.10

 

## Local user database used by the Dynamic VPN: the same profile is referenced
## for IKE XAuth (security ike gateway leo) and as the web-authentication
## default profile, so the client's login and the portal login resolve here.
access {

    profile user-auth-profile {

        ## One client entry per remote user; the name must match the user
        ## listed under security dynamic-vpn clients leo user.
        client leo {

            firewall-user {

                password "xxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA

            }

        }

    }

    firewall-authentication {

        ## Profile consulted for HTTPS web-authentication on the interfaces
        ## that allow the https host-inbound service (ge-0/0/0.0 below).
        web-authentication {

            default-profile user-auth-profile;

        }

    }

}

 

 

## IKE/IPsec, zone and dynamic-vpn configuration for the "leo" remote-access
## tunnel. NOTE(review): no "security policies" stanza with
## "permit { tunnel { ipsec-vpn leo; } }" from untrust to the protected zone
## appears in this paste; a dynamic VPN will not pass traffic without one, and
## a missing tunnel policy is one thing that presents as "authenticated, then
## the session drops" -- TODO confirm it exists in the full configuration.
security {

    ike {

        ## Debug-level IKE tracing; keep it only while troubleshooting, as it
        ## is verbose and records every peer negotiation in the trace file.
        traceoptions {

            flag all;

        }

        ## Phase 1: PSK authentication, 1536-bit MODP (group5), SHA-256, AES-256.
        proposal phase1-prop {

            authentication-method pre-shared-keys;

            dh-group group5;

            authentication-algorithm sha-256;

            encryption-algorithm aes-256-cbc;

        }

        policy ike-pol {

            ## Aggressive mode is needed here because the peer is identified by
            ## a dynamic hostname rather than an address. With pre-shared keys
            ## the authentication hash is exchanged before encryption, so the
            ## PSK should be long and random and not reused elsewhere.
            mode aggressive;

            proposals phase1-prop;

            pre-shared-key ascii-text "xxxxxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA

        }

        gateway leo {

            ike-policy ike-pol;

            ## Remote client presents the IKE identity "leo"; no fixed peer
            ## address is configured.
            dynamic hostname leo;

            external-interface ge-0/0/0.0;

            ## XAuth user/password check after phase 1, against the local
            ## access profile defined under "access".
            xauth access-profile user-auth-profile;

        }

    }

    ipsec {

        ## Phase 2: ESP with HMAC-SHA1-96 integrity and AES-256-CBC.
        proposal phase2-prop {

            protocol esp;

            authentication-algorithm hmac-sha1-96;

            encryption-algorithm aes-256-cbc;

        }

        policy ipsec-pol {

            ## NOTE(review): PFS uses group2 (1024-bit MODP) while phase 1
            ## uses group5; consider aligning them to group5 or higher if the
            ## dynamic VPN client on this release supports it -- TODO confirm.
            perfect-forward-secrecy {

                keys group2;

            }

            proposals phase2-prop;

        }

        ## Route-based/policy-based binding of the gateway to the phase 2
        ## policy; referenced by name from dynamic-vpn clients leo below.
        vpn leo {

            ike {

                gateway leo;

                ipsec-policy ipsec-pol;

            }

        }

    }

 

   zones {

        security-zone untrust {

            screen untrust-screen;

            interfaces {

                ge-0/0/0.0 {

                    ## Services the device itself answers on the Internet-facing
                    ## interface. "https" (client download / web-auth) and "ike"
                    ## are required for the dynamic VPN; ssh, snmp, tftp and dhcp
                    ## are also reachable from untrust here.
                    ## NOTE(review): confirm each of those is intended; anything
                    ## not needed from outside should be removed or limited with
                    ## a loopback firewall filter. dhcp is presumably here because
                    ## ge-0/0/0.0 obtains its address by DHCP -- verify.
                    host-inbound-traffic {

                        system-services {

                            dhcp;

                            tftp;

                            https;

                            ssh;

                            ping;

                            snmp;

                            ike;

                        }

                    }

                }

            }

        }

    }

 

 

    dynamic-vpn {

        ## Profile whose "client" entries are allowed to download the client
        ## and authenticate; must list every user referenced below.
        access-profile user-auth-profile;

        clients {

            leo {

                ## Networks pushed to the remote client as routes via the tunnel.
                remote-protected-resources {

                    10.1.1.0/24;

                }

                ## Everything else is sent outside the tunnel (split tunnelling).
                remote-exceptions {

                    0.0.0.0/0;

                }

                ipsec-vpn leo;

                ## Users (from the access profile) permitted to use this client
                ## configuration.
                user {

                    leo;

                }

            }

        }

    }

}

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
