SRX210 - Remote VPN



  • Hi all,

    I have just configured the Dynamic VPNs (Remote Access VPNs) using SRX210.

    When I connect locally to WAN interface (ge-0/0/0) and test the configuration (using Juniper Access Manager), everything is ok, I can connect to the protected resources.

    However, when I connect WAN interface to modem to remote access from Internet. I can connect to https:// and install Juniper Access Manager (JAM), but JAM cannot connect to SRX210 (The status is connecting).

    I checked log and saw that IKE Phase 1 was DOWN.

    Pls help me to resolve this issue,

    Thanks a lot.



  • Thanks for your kindly support, J.Baker,

    I opened a case on JTAC and the problem was solved.

    Kindly follow this document : http://kb.juniper.net/InfoCenter/index?page=content&id=KB17953&actp=RSS&smlogin=true

    connecting to Srx interface directly is supported. Srx behind natting device is not supported.

    Regards,



  • I cannot see anything wrong with the dynamic vpn config.

    I would limit the services that your external connection is using like:

    host-inbound-traffic {
                            system-services {
                                dhcp;
                                tftp;
                                https;
                                ike;
                            }
    and remove the protocol all line.

    Otherwise your config is similar to mine.

    Juniper have released 10.4R5.5 and 11.1R3.5

    Both have the new Junor pulse client and fix some bugs.  If you can I would upgrade.



  • Hi,

    My SRX210 runs JUNOS 10.4R3.4.

    Attachment is my config,

    Thanks for your helps!

    srx210.txt



  • Hi

    Can you post your Junos version and your config please?


 

53
Online

38.4k
Users

12.7k
Topics

44.5k
Posts