My understanding (I may be wrong) is that osx client requires l2tp, and srx doesn’t support it (ssg does). Its kind of annoying.
On Mar 24, 2014, at 4:29 PM, Andrew Jones <a...@jonesy.com.au> wrote: > I'd be very interested in seeing a dynamic vpn config that works with OSX's > built-in IPSEC client. > When I've looked into this previously, I've only found people using > third-party VPN clients on mac, such as VPN Tracker: > https://www.cryptomonkeys.com/2013/10/juniper-srx-and-mobile-ipsec/ > > > > On 25.03.2014 10:04, Chris Jones wrote: >> Well thats exactly it, Pulse on Windows does SSLVPN and IPSec. On OSX >> and mobile, its SSL only. Dynamic VPN is an IPSec remote access VPN, >> so that's why it doesn't work. >> >> Yes, built in IPSec clients for OSX will connect to Dynamic VPN just >> fine AFAIK, you just can't use Pulse. I'm not sure about iOS and >> Android though. >> >> On Mon, Mar 24, 2014 at 3:57 PM, Skeeve Stevens >> <skeeve+juniper...@eintellegonetworks.com> wrote: >> >>> Any other way to get OSX/mobile devices, etc to connect to an SRX VPN? >>> PPTP? IPSEC? >>> >>> ...Skeeve >>> >>> *Skeeve Stevens - *eintellego Networks Pty Ltd >>> ske...@eintellegonetworks.com ; www.eintellegonetworks.com [1] >>> >>> Phone: 1300 239 038; Cell +61 (0)414 753 383 [2] ; skype://skeeve >>> >>> facebook.com/eintellegonetworks [3] ; <http://twitter.com/networkceoau [4]> >>> linkedin.com/in/skeeve [5] >>> >>> twitter.com/theispguy [6] ; blog: www.theispguy.com [7] >>> >>> The Experts Who The Experts Call >>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering >>> >>> On Tue, Mar 25, 2014 at 9:54 AM, Andrew Jones <a...@jonesy.com.au> wrote: >>> >>> > I've been told that they have no plans to support OSX on Dynamic VPN. I >>> > got the impression that Juniper weren't investing in the Dynamic VPN >>> > product and were pushing people toward MAG etc. >>> > >>> > From http://kb.juniper.net/InfoCenter/index?page=content&id=KB17436 [8] >>> > >>> > The Dynamic VPN feature (Pulse or Juniper Access Manager) is not supported >>> > on the following Operating Systems: >>> > * Linux >>> > * Macintosh Desktop Systems including Pulse 3.0 (for more information, >>> > refer to KB23960 - [SRX] Junos Pulse 3.0 installed on a Mac OS X system >>> > fails to connect to a SRX device with the dynamic VPN feature). >>> > * Windows Server >>> > * iPad/iPhone >>> > * Android OS >>> > >>> > >>> > On 25.03.2014 09 [9]:46, Skeeve Stevens wrote: >>> > >>> >> What THE HELL?! >>> >> >>> >> Documentation on this? >>> >> >>> >> Thanks Chris. >>> >> >>> >> >>> >> ...Skeeve >>> >> >>> >> *Skeeve Stevens - *eintellego Networks Pty Ltd >>> >> ske...@eintellegonetworks.com ; www.eintellegonetworks.com [1] >>> >> >>> >> Phone: 1300 239 038; Cell +61 (0)414 753 383 [2] ; skype://skeeve >>> >> >>> >> facebook.com/eintellegonetworks [3] ; <http://twitter.com/networkceoau >>> >> [4]> >>> >> linkedin.com/in/skeeve [5] >>> >> >>> >> twitter.com/theispguy [6] ; blog: www.theispguy.com [7] >>> >> >>> >> >>> >> The Experts Who The Experts Call >>> >> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering >>> >> >>> >> >>> >> On Tue, Mar 25, 2014 at 5:36 AM, Chris Jones <ipv6fre...@gmail.com> >>> >> wrote: >>> >> >>> >> I don't know if this matters to you, but Pulse does not work in OSX or >>> >>> iOS/Android when connecting to a SRX with Dynamic VPN. It only works in >>> >>> Windows. Just a caveat if you weren't already aware. >>> >>> >>> >>> >>> >>> On Mon, Mar 24, 2014 at 12:21 AM, Skeeve Stevens < >>> >>> skeeve+juniper...@eintellegonetworks.com> wrote: >>> >>> >>> >>> Hey all, >>> >>>> >>> >>>> I am setting up an SRX with Dynamic VPN with Pulse clients..... I know >>> >>>> some >>> >>>> don't like it, but it is what we're doing (customer choice). >>> >>>> >>> >>>> One thing I am looking for is if anyone has seen any docs on how to >>> >>>> integrate the Dynamic VPN auth with Active Directory. >>> >>>> >>> >>>> Also, does anyone know what flexibility we have with the VPN on a per >>> >>>> use >>> >>>> basis... such as different IP ranges, different VRF's, firewall >>> >>>> filters, >>> >>>> etc etc based against those AD groups. >>> >>>> >>> >>>> While this is for a specific rollout, it would be nice to know these >>> >>>> capabilities across the board for other solutions. >>> >>>> >>> >>>> Any pointers to any docs would be fantastic. I've tried googling, but >>> >>>> came >>> >>>> up blah. >>> >>>> >>> >>>> ...Skeeve >>> >>>> >>> >>>> *Skeeve Stevens - *eintellego Networks Pty Ltd >>> >>>> ske...@eintellegonetworks.com ; www.eintellegonetworks.com [1] >>> >>>> >>> >>>> Phone: 1300 239 038; Cell +61 (0)414 753 383 [2] ; skype://skeeve >>> >>>> >>> >>>> facebook.com/eintellegonetworks [3] ; >>> >>>> <http://twitter.com/networkceoau [4]> >>> >>>> linkedin.com/in/skeeve [5] >>> >>>> >>> >>>> twitter.com/theispguy [6] ; blog: www.theispguy.com [7] >>> >>>> >>> >>>> >>> >>>> The Experts Who The Experts Call >>> >>>> Juniper - Cisco - Cloud - Consulting - IPv4 Brokering >>> >>>> _______________________________________________ >>> >>>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> >>>> https://puck.nether.net/mailman/listinfo/juniper-nsp [10] >>> >>>> >>> >>>> >>> >>> >>> >>> >>> >>> -- >>> >>> Chris Jones >>> >>> JNCIE-ENT #272 >>> >>> CCIE# 25655 (R&S) >>> >>> >>> >>> _______________________________________________ >>> >> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> >> https://puck.nether.net/mailman/listinfo/juniper-nsp [10] >>> >> >>> > >>> > _______________________________________________ >>> > juniper-nsp mailing list juniper-nsp@puck.nether.net >>> > https://puck.nether.net/mailman/listinfo/juniper-nsp [10] >>> > >>> _______________________________________________ >>> juniper-nsp mailing list juniper-nsp@puck.nether.net >>> https://puck.nether.net/mailman/listinfo/juniper-nsp [10] >> >> -- >> Chris Jones >> JNCIE-ENT #272 >> CCIE# 25655 (R&S) >> >> Links: >> ------ >> [1] http://www.eintellegonetworks.com >> [2] tel:%2B61%20%280%29414%20753%20383 >> [3] http://facebook.com/eintellegonetworks >> [4] http://twitter.com/networkceoau >> [5] http://linkedin.com/in/skeeve >> [6] http://twitter.com/theispguy >> [7] http://www.theispguy.com >> [8] http://kb.juniper.net/InfoCenter/index?page=content&id=KB17436 >> [9] tel:25.03.2014%2009 >> [10] https://puck.nether.net/mailman/listinfo/juniper-nsp > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp -- Louis Kowolowski lou...@cryptomonkeys.org Cryptomonkeys: http://www.cryptomonkeys.com/ Making life more interesting for people since 1977
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp