On 04/23/09 13:45, Nick Ross wrote:
Since we're on the topic of VPN issues, we've been trying to get the Sun Ray
units to work with Juniper ScreenOS and have been unsuccessful.
We took the full SSG configuration dump from Sun and loaded it on several
different models (SSG5, SSG20, SSG140) and *NONE* of those tests were
successful. All SSG units displayed 'unrecognized peer gateway' in the trace
-- mind you, this is the configuration that apparently worked on an SSG at Sun.
We've also had senior Juniper product engineers and field engineers assist,
trying various configurations both from scratch and derivatives of the Sun
configuration, and the VPN tunnel has never been successfully opened. This
applies to the Sun Ray 2 and the Sun Ray 2FS models, all running firmware
GUI4.1_50_2008.09.25.12.37.
The VPN tunnel opens successfully with our Cisco gateways.
Does anyone have information on how to get this working with Juniper?
Yes, I do. It turns out that there was a minor bug in the 4.1 firmware
that only allowed it to recognize Netscreen gateways that sent a couple
of different vendor IDs (including my test SSG5, of course). If you have
a gateway that doesn't send one of those, it won't go into the
"Netscreen" mode of operation.
The fix is in the next patch for SRSS 4.1, and is available as an IDR if
you have a support contract.
Kent
_______________________________________________
SunRay-Users mailing list
SunRay-Users@filibeto.org
http://www.filibeto.org/mailman/listinfo/sunray-users
