On Mon, Jun 27, 2011 at 6:12 PM, Ben Dale <bd...@comlinx.com.au> wrote: > Last time I looked (which was a while ago), the iPad/iPhone version of pulse > used SSL to establish the VPN Tunnel. > > The SRX only support Pulse over IPSEC (which the Windows client also > supports). > > The Secure Access (now Juniper Pulse Gateway/MAGx600) appliance supports both > SSL and IPSEC termination using Pulse. > > Confused? ; )
Indeed, I think that the iOS Pulse client only terminates on gateways running the IVE-style SSL VPN software. I've used both the SA-2500 and MAG2600 for terminating Pulse and Network Connect clients (both to IVE/SSL VPN software), and both worked just fine. As far as the software goes, it's a little bloated (in my opinion), but it gets the job done and CPUs are fast and disk space is cheap nowadays. I've had some luck configuring Macintosh OS X to terminate IPSec/L2TP on an SRX in the past, so presumably the iOS client could be coerced into doing something similar. >From what I hear from SEs and resellers is that the SA-2500 (maybe other SA appliances) are being EOLed in favor of the newer MAG appliances. They're Intel Atom boxes that can run the IVE (SSL VPN) or UAC/NAC (802.1x, virus scanning, etc.) software set on the same hardware. I've found them to be a little funky in that they don't seem all that well-suited for datacenter use. The simplest unit (MAG2600) requires an additional tray for rack-mounting, and most seem to have one-sided or side-to-side airflow. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp