Knowledge Center Search


 

[SRX] Minimum requirements for client and SRX device

  [KB17436] Show KB Properties

  [KB17436] Hide KB Properties

Categories:
Knowledge Base ID: KB17436
Last Updated: 24 Apr 2014
Version: 10.0

Summary:

This article provides information about the minimum Dynamic VPN requirements for the client and the SRX device.

Problem or Goal:

The Dynamic VPN client is unable to establish a connection to the SRX.

Cause:

It's usually the case that a connection cannot be established because the minimum requirements for the client and the SRX device are not met.

Solution:

The minimum requirements for the client and the SRX device are listed below. Check to see if your client and SRX device meet the minimum requirements.

If your client and SRX device meet the minimum requirements but you are still having issues establishing a connection, see KB17220 - Resolution Guide - SRX - Troubleshoot Dynamic VPN client (Pulse or Access Manager).


SRX Requirements

The Dynamic VPN feature is supported by the following SRX devices and Junos releases:

 Platform  Junos Release
 SRX100  10.0 and later
 SRX110  11.2 and later
 SRX210  9.6 and later
 SRX220  10.3 and later
 SRX240  9.6 and later
 SRX550  12.1 and later
 SRX650  10.2 and later
 SRX 1000 series  Not supported yet
 SRX 3000 series  Not supported yet
 SRX 5000 series  Not supported yet
The supported platforms are also documented in the Feature Support Document Junos 11.4.

For VPN clients that connect to high-end SRX devices, use standard IPsec VPN clients. For more information, refer to KB15053 - SRX Client-to-LAN VPN solutions.


Client Requirements

There are two Dynamic VPN clients, Junos Pulse and Juniper Access Manager. These clients can be downloaded from the SRX device at the Dynamic-vpn login page.

If the SRX device is running Junos 11.1 or later, the Junos Pulse client for Windows is downloaded. To identify which version of the Junos Pulse client is being downloaded, refer to KB22857 - How to find the Junos Pulse version in SRX and the Pulse client.

If the SRX device is running Junos 10.4 or earlier, the Juniper Access Manager client for Windows is downloaded.


Junos Pulse Dynamic VPN client is supported on following operating systems:

  • Windows XP (32-bit and 64-bit)
  • Windows 7 (32-bit and 64-bit)
  • Windows 8.0 (32-bit and 64-bit)
  • Windows 8.1 (32-bit and 64-bit)
  • Mac OS X 10.7.3 or higher (available as of Pulse 5.0R3)


Junos Access Manager Dynamic VPN client is supported on following operating systems (platforms):

  • Windows XP 32-bit and 64-bit with any service pack
  • Windows Vista 32-bit and 64-bit with any service pack
  • Windows 7 32-bit and 64-bit with any service pack (Junos 10.4 and above only)


Dynamic VPN Feature (Pulse or Juniper Access Manager) is not supported on following operating systems:

For information about supported platforms for Junos Pulse, refer to the Junos Pulse Supported Platform guides:

Note: Junos Pulse can also be alternatively downloaded from http://www.juniper.net/support/products/pulse and manually installed. For more information, refer to KB17641 - Using Junos Pulse to connect Dynamic VPN client to SRX.


License

Dynamic VPN is a licensed feature. By default, a two-user evaluation license is provided (free of charge) on SRX devices and it does not expire. When more than two users have to connect concurrently, a license is required. These licenses are available as a 5, 10, 25, and 50 user license. For ordering information, refer to the following datasheet: http://www.juniper.net/us/en/local/pdf/datasheets/1000281-en.pdf.


Feature Limitations

The limitations, when configuring the Dynamic VPN, are:

  • The external RADIUS server is required for XAUTH and to provide an IP address in 10.3 or earlier.
  • The shared IKE id is not supported in 10.3 or earlier.
  • The custom IKE/IPsec security proposals are required in 10.3 or earlier.
  • FQDN is the only IKE-id supported in 10.3 or earlier.
  • Perfect Forward Secrecy (PFS) is mandatory.

Purpose:
Implementation
Troubleshooting

Related Links:

 

 

ASK THE KB

Question or KB ID:


 


 

 
Copyright© 1999-2012 Juniper Networks, Inc. All rights reserved.