Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] [Dynamic VPN] Using Junos Pulse to connect Dynamic VPN client to SRX

0

0

Article ID: KB17641 KB Last Updated: 19 Mar 2020Version: 8.0
Summary:

Using Junos Pulse to connect Dynamic VPN client to SRX

Symptoms:

Steps to connect Dynamic VPN client to SRX using Junos Pulse

Solution:

Instructions for the SRX and client are as follows:

SRX

Follow the steps in the Dynamic VPN Application Note to configure the SRX device.  The steps specified in the 'Configuration' section of the application note do not change if you are using the Junos Pulse client:

1. Access configuration
2. HTTPS configuration
3. IKE/IPsec configuration
4. Dynamic VPN configuration
5. Policy configuration

CLIENT (Junos Pulse)

Follow the sequence of events below in order to establish an IPsec tunnel using Junos Pulse.  Instead of the PC user pointing to https://<SRX IP>/dynamic-vpn , the user performs the following steps:

Note:  The EXE or MSI software for the PC is located under the 'Bulk Installer' section on the Junos Pulse Download Software page.







  1. Download Junos Pulse software from http://www.juniper.net/support/downloads/?p=pulse#docs.
  2. Install Junos Pulse on the PC.

  3. Launch Junos Pulse client from Start>All Programs>Juniper Networks>Junos Pulse, and click on the '+' symbol to add a connection:





  4.  
  5.  
  6. From the Connection Type drop down menu choose firewall, enter the name of the connection, and the IP address of the external interface of the SRX Firewall:


  7. Click on ‘Add’.

  8. Click on ‘Connect’ under the SRX Connection:





  9.  
  10.  
  11. If you are using the Self signed certificate or if the Certificate is invalid an alert message is shown, click on ‘Connect’ if you want continue:





  12.  
  13.  
  14. Enter your username and password credentials and click on 'Connect'.  At this time, the user configuration is downloaded and IKE Security Association will attempt to establish.)





  15.  
  16.  
  17. The Junos Pulse window shows the status as ‘Connecting’ (as shown below):





  18.  
  19.  
  20. If you are accessing the dynamic VPN for the first time you will be prompted for User credentials again. Enter your Xauth username and password credentials.

    Note: The first User Auth (at step 8) is being used to download the configuration and to establish an IKE security association. The second credentials (at this step) is used to establish IPSEC Security association and make the connection. Both the user credentials can be either same or different based on the configuration on the SRX Appliance.





  21.  
  22.  
  23. If the user credentials are accepted then the connection is established. The status of the connection shows as ‘Connected’





  24.  
  25.  
  26. To verify the connection, go to command prompt and type IPCONFIG /ALL.  Look for the Juniper Network Agent Virtual Adapter.  This is required to successfully access protected resources.  The address is assigned with the Framed-IP-Address and Framed-IP-Netmask attributes on the RADIUS server.




  27.  
  28.  
 
 
Modification History:
2020-03-19: Archived article.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search