Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[SRX/IDP] The TLS connection to LDAP server does not working when traversing through SRX (using IDP)

0

0

Article ID: KB24524 KB Last Updated: 01 Jun 2012Version: 1.0
Summary:
This article describes the issue of the TLS connection to LDAP server not working, when traversing through SRX
Symptoms:
  • The LDAP, which is between the client on the trust side and the server on the untrust side, works normally.

  • When TLS is used with LDAP, the client is unable to reach the server. The connection hangs.
Cause:
IDP was enabled on the policy, which was allowing LDAP with TLS.
Solution:
When LDAP with TLS is used, the packet will appear as encrypted. This packet was unable to be decoded and, as a result, IDP interpreted this as a possible anomaly.  The resolution for this issue is to delete IDP from the application-services policy.

For example, assume that you have the following policy:

[edit security policies from-zone trust to-zone untrust]
root# show
policy LDAP-TLS {
    match {
        source-address any;
        destination-address any;
        application junos-ldap;
    }
    then {
        permit {
            application-services {
                idp;
            }
        }
    }
}

The resolution is to delete IDP from this policy:

delete security policies from-zone trust to-zone untrust policy LDAP-TLS then permit application-services idp
commit
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search