[Archive][Dynamic VPN] Access Manager client gets 'Authentication Failure: No Configuration Available'

Article ID: KB17344 KB Last Updated: 21 Feb 2020 Version: 6.0
Summary:

When trying to connect the Access Manager client to the SRX, the Connection Result message in the connection status shows "Authentication failure: No Configuration Available".

 

Symptoms:

  • Dynamic VPN client is not connecting to the SRX. The Connection Status in the Juniper Networks Access Manager window reports the Connection Result: "Authentication failure: No Configuration Available".

Solution:

This error message is related to a problem in the security dynamic-vpn configuration on the SRX (documented in Step 4 of the Dynamic VPN application note).

Perform the following steps to correct the error:

  1. Enter the command show configuration security dynamic-vpn. Then confirm that the ipsec-vpn configuration has been created for the user in question.
    user@srx> show configuration security dynamic-vpn
    
    access-profile radius-server-profile;
    clients {
        user1 {
            remote-protected-resources {
                5.1.1.0/24;
            }
            remote-exceptions {
                0.0.0.0/0;
            }
            ipsec-vpn dyn-vpn-user1;   <-------------------
            user {
                user1;  <-----------must match username on RADIUS server 
            }
        }
        user2 {
            remote-protected-resources {
                5.1.1.0/24;
            }
            remote-exceptions {
                0.0.0.0/0;
            }
            ipsec-vpn dyn-vpn-user2;  <-------------------        
            user {
                user2;  <-----------must match username on RADIUS server (If using Junos 10.4 or later and a local user, it must match the username defined under the access profile)
            }
        }
    }
    


    IMPORTANT: In Junos 10.3 and below, a different VPN definition is needed per user, so client definitions under security dynamic-vpn cannot be shared. One must be defined for each user.
    In Junos 10.4 and above, more than one user can share the client definition, as long as the same VPN under the ipsec configuration is being used.
  2. Run the command show configuration access. If using RADIUS, go to the RADIUS server specified (10.159.4.8 in this example) and confirm that the username referenced in the security dynamic-vpn section (user1 in this example) matches the name of a user defined on the RADIUS server.
    user@srx# show access
    
    profile radius-server-profile {
        authentication-order radius;
        radius-server {
            10.159.4.8 secret "$ABC123"; ## SECRET-DATA
        }
    }
    
  3. If using local users, ensure the name (including capitalization) matches the username specified in the security dynamic-vpn section (user1 in this example):

    user@srx# show access

    profile dyn-vpn-access-profile {
        authentication-order password;
        client user1 {
            firewall-user {
                password "$ABC123"; ## SECRET-DATA
            }
        }
        address-assignment {
            pool dyn-vpn-address-pool;
        }
    }
    address-assignment {
        pool dyn-vpn-address-pool {
            family inet {
                network 10.10.10.0/24;
                xauth-attributes {
                    primary-dns 4.2.2.2/32;
                }
            }
        }
    }

  4. If you are still experiencing the problem, collect the information listed in KB21781 - [SRX] Data Collection Checklist - Logs/data to collect for troubleshooting, and open a case with your technical support representative.
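
The checks in steps 1 and 3 can be run offline against saved output of show configuration security dynamic-vpn and show configuration access. The Python script below is an added example, not Juniper code: the names parse_junos and check_dynamic_vpn and the sample text are constructed for illustration, and it assumes the brace-style output shown above with user names listed inside a user { } block.

```python
import re

def parse_junos(text):
    """Nested dicts from curly-brace Junos config; '##' comments and '<---' arrows dropped."""
    stack = [{}]
    for raw in text.splitlines():
        line = re.sub(r"\s*(##|<-+).*$", "", raw).strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line:
            stack[-1][line.rstrip(";").strip()] = {}
    return stack[0]

def check_dynamic_vpn(dynvpn_text, access_text):
    """Findings for steps 1 and 3; RADIUS user names live on the server and are not checked."""
    dv, acc = parse_junos(dynvpn_text), parse_junos(access_text)
    profile = next((k.split()[1] for k in dv if k.startswith("access-profile ")), None)
    prof = acc.get(f"profile {profile}", {})
    local = {k.split()[1] for k in prof if k.startswith("client ")}
    is_local = any(k.startswith("authentication-order") and "password" in k for k in prof)
    findings = []
    for name, body in dv.get("clients", {}).items():
        if not any(k.startswith("ipsec-vpn ") for k in body):
            findings.append(f"{name}: no ipsec-vpn statement")
        for user in body.get("user", {}):
            if is_local and user not in local:
                near = sorted(u for u in local if u.lower() == user.lower())
                hint = f" (case differs from {near[0]!r})" if near else ""
                findings.append(f"{name}: user {user!r} not in profile {profile!r}{hint}")
    return findings

# Constructed sample input with two deliberate faults (not output from a real device).
DYNVPN = """access-profile dyn-vpn-access-profile;
clients {
    user1 {
        user {
            User1;
        }
    }
}"""
ACCESS = """profile dyn-vpn-access-profile {
    authentication-order password;
    client user1 {
        firewall-user {
            password "$ABC123"; ## SECRET-DATA
        }
    }
}"""
```

Calling check_dynamic_vpn(DYNVPN, ACCESS) returns one finding for the missing ipsec-vpn statement and one for the user name that differs only in capitalization; an empty list means both checks passed.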
Modification History:
2020-02-21: minor non-technical edits.