What kind of issues are you having site to site? We have a lot of SRX doing site to site and haven't had any issues keeping IPSec tunnels in place...

Running 10.4R4.5 on most boxes to date.... just curious...

Thanks,
Paul

-----Original Message-----
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Eric Hileman
Sent: Wednesday, August 03, 2011 4:01 PM
To: juniper-nsp@puck.nether.net
Subject: Re: [j-nsp] Junos Pulse / SRX240 problems

We've had nothing but bad luck with the Pulse client on our SRX240H HA cluster. Right now it's unusable because the license manager thinks licenses are in use; they're not, but we can't reconnect. We don't have the clear command in our version of Junos, you do, so JTAC says reboot 'em and we can't.

In your case you should be able to go to your service manager, where you'll find three Juniper Pulse services. If you manually restart them your Pulse client should reconnect. That's probably what the reboot is doing.

Our site to site IPsec VPNs to SRX210Hs are buggy and broken as well...

-----Original Message-----
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Jeff Wheeler
Sent: Wednesday, August 03, 2011 3:41 PM
To: juniper-nsp@puck.nether.net
Subject: [j-nsp] Junos Pulse / SRX240 problems

I have a very simple VPN configuration for a non-uptime-critical service, with an SRX240H and Dynamic VPN client licenses. This worked fine with Junos 10.4R4.5 (JTAC recommended release) and the Juniper Access Manager client. However, Dynamic VPN sessions were becoming "stuck," and hours or days after a user had disconnected, they would still appear in `show security ike ...` and still consume Dynamic VPN licenses as reported by `show system licenses`. The same users were shown many times, etc.

I have tried 11.1R3.5 and it has solved the stuck IKE associations / license exhaustion issue, but the Junos Pulse client is not working well. JAM does work fine, but the web front-end installs Pulse for end-users now.
From my test machine, I can sometimes connect the VPN on the first or second try, but usually have to enter login credentials at least twice. Where it gets problematic is if I disconnect and later attempt to reconnect, I might enter my login and click continue 50 times before the VPN session is established, if it ever works at all. Restarting Pulse does not seem helpful, but rebooting the PC does. I have not tried rebooting the SRX, but I find no entries cleared when issuing `clear security dynamic-vpn all` and that does not appear to influence the problem.

Before someone asks, since this works perfectly with the JAM client, I do not think the SRX configuration is any issue. This config is as simple as can be, without even a RADIUS server yet.

My impression right now is that the Pulse client is too buggy to deploy and I should downgrade back to 10.4R4.5 so users will receive Juniper Access Manager instead. I have read a few similar opinions on the Juniper forums. I would appreciate any thoughts you guys have.

--
Jeff S Wheeler <j...@inconcepts.biz>
Sr Network Operator / Innovative Network Concepts
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp