Anyone on here set up WebVPN on Juniper SRX? I've had a JTAC ticket running for quite a while and they haven't been able to figure out why we can't connect. According to the logs, the username is getting authenticated and then the session drops for some reason. I'm about 6-7 hours on the phone with JTAC so far - hoping someone has some ideas ;)
Thanks ;)

SRX210 running 10.0R3.10

access {
    profile user-auth-profile {
        client leo {
            firewall-user {
                password "xxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
            }
        }
    }
    firewall-authentication {
        web-authentication {
            default-profile user-auth-profile;
        }
    }
}
security {
    ike {
        traceoptions {
            flag all;
        }
        proposal phase1-prop {
            authentication-method pre-shared-keys;
            dh-group group5;
            authentication-algorithm sha-256;
            encryption-algorithm aes-256-cbc;
        }
        policy ike-pol {
            mode aggressive;
            proposals phase1-prop;
            pre-shared-key ascii-text "xxxxxxxxxxxxxxxxxxxxxxxxxxx"; ## SECRET-DATA
        }
        gateway leo {
            ike-policy ike-pol;
            dynamic hostname leo;
            external-interface ge-0/0/0.0;
            xauth access-profile user-auth-profile;
        }
    }
    ipsec {
        proposal phase2-prop {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm aes-256-cbc;
        }
        policy ipsec-pol {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals phase2-prop;
        }
        vpn leo {
            ike {
                gateway leo;
                ipsec-policy ipsec-pol;
            }
        }
    }
    zones {
        security-zone untrust {
            screen untrust-screen;
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                            tftp;
                            https;
                            ssh;
                            ping;
                            snmp;
                            ike;
                        }
                    }
                }
            }
        }
    }
    dynamic-vpn {
        access-profile user-auth-profile;
        clients {
            leo {
                remote-protected-resources {
                    10.1.1.0/24;
                }
                remote-exceptions {
                    0.0.0.0/0;
                }
                ipsec-vpn leo;
                user {
                    leo;
                }
            }
        }
    }
}

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp