Re: [j-nsp] Dynamic VPN with Pulse, AD Integration and more

Mon, 24 Mar 2014 16:31:21 -0700

I'd be very interested in seeing a dynamic vpn config that works with OSX's built-in IPSEC client. When I've looked into this previously, I've only found people using third-party VPN clients on mac, such as VPN Tracker: 
https://www.cryptomonkeys.com/2013/10/juniper-srx-and-mobile-ipsec/



On 25.03.2014 10:04, Chris Jones wrote:

Well thats exactly it, Pulse on Windows does SSLVPN and IPSec. On OSX
and mobile, its SSL only. Dynamic VPN is an IPSec remote access VPN,
so that's why it doesn't work.

Yes, built in IPSec clients for OSX will connect to Dynamic VPN just
fine AFAIK, you just can't use Pulse. I'm not sure about iOS and
Android though. 

On Mon, Mar 24, 2014 at 3:57 PM, Skeeve Stevens
<[email protected]> wrote:
Any other way to get OSX/mobile devices, etc to connect to an SRX VPN? 
PPTP? IPSEC?

...Skeeve

*Skeeve Stevens - *eintellego Networks Pty Ltd
[email protected] ; www.eintellegonetworks.com [1]

Phone: 1300 239 038; Cell +61 (0)414 753 383 [2] ; skype://skeeve
facebook.com/eintellegonetworks [3] ;  <http://twitter.com/networkceoau [4]> 
linkedin.com/in/skeeve [5]

twitter.com/theispguy [6] ; blog: www.theispguy.com [7]

The Experts Who The Experts Call
Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
On Tue, Mar 25, 2014 at 9:54 AM, Andrew Jones <[email protected]> wrote:
> I've been told that they have no plans to support OSX on Dynamic VPN. I > got the impression that Juniper weren't investing in the Dynamic VPN 
> product and were pushing people toward MAG etc.
>
> From http://kb.juniper.net/InfoCenter/index?page=content&id=KB17436 [8] 
>
> The Dynamic VPN feature (Pulse or Juniper Access Manager) is not supported 
> on the following Operating Systems:
> * Linux
> * Macintosh Desktop Systems including Pulse 3.0 (for more information, > refer to KB23960 - [SRX] Junos Pulse 3.0 installed on a Mac OS X system 
> fails to connect to a SRX device with the dynamic VPN feature).
> * Windows Server
> * iPad/iPhone
> * Android OS
>
>
> On 25.03.2014 09 [9]:46, Skeeve Stevens wrote:
>
>> What THE HELL?!
>>
>> Documentation on this?
>>
>> Thanks Chris.
>>
>>
>> ...Skeeve
>>
>> *Skeeve Stevens - *eintellego Networks Pty Ltd
>> [email protected] ; www.eintellegonetworks.com [1]
>>
>> Phone: 1300 239 038; Cell +61 (0)414 753 383 [2] ; skype://skeeve
>>
>> facebook.com/eintellegonetworks [3] ;  <http://twitter.com/networkceoau [4]> 
>> linkedin.com/in/skeeve [5]
>>
>> twitter.com/theispguy [6] ; blog: www.theispguy.com [7]
>>
>>
>> The Experts Who The Experts Call
>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>>
>>
>> On Tue, Mar 25, 2014 at 5:36 AM, Chris Jones <[email protected]> 
>> wrote:
>>
>>  I don't know if this matters to you, but Pulse does not work in OSX or >>> iOS/Android when connecting to a SRX with Dynamic VPN. It only works in 
>>> Windows. Just a caveat if you weren't already aware.
>>>
>>>
>>> On Mon, Mar 24, 2014 at 12:21 AM, Skeeve Stevens <
>>> [email protected]> wrote:
>>>
>>>  Hey all,
>>>>
>>>> I am setting up an SRX with Dynamic VPN with Pulse clients..... I know 
>>>> some
>>>> don't like it, but it is what we're doing (customer choice).
>>>>
>>>> One thing I am looking for is if anyone has seen any docs on how to 
>>>> integrate the Dynamic VPN auth with Active Directory.
>>>>
>>>> Also, does anyone know what flexibility we have with the VPN on a per 
>>>> use
>>>> basis... such as different IP ranges, different VRF's, firewall filters, 
>>>> etc etc based against those AD groups.
>>>>
>>>> While this is for a specific rollout, it would be nice to know these 
>>>> capabilities across the board for other solutions.
>>>>
>>>> Any pointers to any docs would be fantastic.  I've tried googling, but 
>>>> came
>>>> up blah.
>>>>
>>>> ...Skeeve
>>>>
>>>> *Skeeve Stevens - *eintellego Networks Pty Ltd
>>>> [email protected] ; www.eintellegonetworks.com [1]
>>>>
>>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 [2] ; skype://skeeve 
>>>>
>>>> facebook.com/eintellegonetworks [3] ;  <http://twitter.com/networkceoau [4]> 
>>>> linkedin.com/in/skeeve [5]
>>>>
>>>> twitter.com/theispguy [6] ; blog: www.theispguy.com [7]
>>>>
>>>>
>>>> The Experts Who The Experts Call
>>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering
>>>> _______________________________________________
>>>> juniper-nsp mailing list [email protected]
>>>> https://puck.nether.net/mailman/listinfo/juniper-nsp [10]
>>>>
>>>>
>>>
>>>
>>> --
>>> Chris Jones
>>> JNCIE-ENT #272
>>> CCIE# 25655 (R&S)
>>>
>>>  _______________________________________________
>> juniper-nsp mailing list [email protected]
>> https://puck.nether.net/mailman/listinfo/juniper-nsp [10]
>>
>
> _______________________________________________
> juniper-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/juniper-nsp [10]
>
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp [10]


--
Chris Jones
JNCIE-ENT #272
CCIE# 25655 (R&S)

Links:
------
[1] http://www.eintellegonetworks.com
[2] tel:%2B61%20%280%29414%20753%20383
[3] http://facebook.com/eintellegonetworks
[4] http://twitter.com/networkceoau
[5] http://linkedin.com/in/skeeve
[6] http://twitter.com/theispguy
[7] http://www.theispguy.com
[8] http://kb.juniper.net/InfoCenter/index?page=content&amp;id=KB17436 
[9] tel:25.03.2014%2009
[10] https://puck.nether.net/mailman/listinfo/juniper-nsp


_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp

Reply via email to