Juniper SRX dynamic VPN configuration experiment

Remote and mobile work has become a standard part of enterprise operations. To give PCs, mobile phones and tablets secure access from outside the office, one option is an SSL VPN style deployment.

Juniper offers two remote-access methods on the SRX: Dynamic VPN with the Pulse client (supported on the SRX300 and SRX550/650 series) and Remote Access with the NCP client (supported on the SRX300 and SRX1500 series).

In this experiment we configure dynamic VPN on an SRX340. With the Pulse Secure client, the SRX supports only policy-based dynamic VPN, not route-based, and user authentication comes from a locally configured access profile. Under the hood dynamic VPN is an IPsec VPN (IKE with XAuth); HTTPS is used only so the client can download its connection settings from the SRX.


Experimental topology:

[Figure: dynamic vpn (1).png]

  

Experiment procedure:

Both the CLI and the web UI are covered (the web configuration is very simple thanks to the wizard). During the experiment I was unable to log in after first configuring through the CLI; I reconfigured through the web UI and still could not log in. It turned out that the client needed updating: upgrade the client to version 5.0 or later.

  

CLI configuration:

1. Configure the VPN tunnel:

[Figure: gateway difference.png]

Compared with an ordinary IPsec VPN, the difference is in the IKE gateway: it is defined as dynamic, with a hostname (which the client is later given as the gateway Name) and a connections limit. The SRX series ships with two dynamic VPN user licenses; additional users require purchasing a license.


[Figure: dynmic-vpn.png]

Under the dynamic-vpn clients stanza, the named users are bound to the IPsec VPN tunnel.

2. Policy configuration:

[Figure: strategy.png]

Because dynamic VPN is policy-based, a security policy whose permit action sends matching traffic into the IPsec VPN tunnel must be configured.

3. Configure the access profile:

[Figure: configuration file.png]

Configure the users' passwords in the access profile and associate the address pool with it.

4. Configure the address pool:

[Figure: address pool.png]

5. Enable HTTPS (web management) on the external interface; the Pulse client downloads its connection settings from the SRX over HTTPS:

[Figure: https process.png]



With the SRX configured, set up the client:

[Figure: Client Settings.png]

Type: SRX

Name: the hostname we specified in the gateway

Server: SRX's public network address


Enter the account name and password:

[Figure: Account password.png]

After a successful login, check the connection details:

[Figure: success.png]

Assigned address:

[Figure: address.png]



Check the VPN connection on the device:

1. VPN tunnel:

[Figure: tunnel.png]

2. Logged-in user:

[Figure: user.png]

3. License usage:

[Figure: license.png]

2 licenses installed, 1 in use.
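The three checks above come from screenshots; as an added example (not the page's own commands), these are the operational-mode commands that produce them and what to look for in each. They assume the VPN and gateway names from the configuration example earlier on this page; with other names the commands are unchanged.

```junos
## Added example: operational-mode checks after a client connects (not from the original page)
## Phase 1: one IKE SA per connected client, State should be UP, remote address is the client's public IP
show security ike security-associations
## Phase 2: the ESP SAs for the dynamic VPN, with lifetimes counting down if traffic is flowing
show security ipsec security-associations
## Who is logged in, from which remote address, and which pool address they were assigned
show security dynamic-vpn users
## dynamic-vpn row: licenses used versus installed (the page shows 1 used of 2 installed)
show system license
## A client that never appears in the IKE SA table usually failed at the HTTPS download or XAuth step;
## the IKE and web-management logs are the place to look next
show log messages | match "ike|dynamic-vpn|httpd"
```

If the user shows in show security dynamic-vpn users but cannot reach the LAN, check that the destination falls inside remote-protected-resources and that the tunnel policy, not a plain permit policy, is the first match for the traffic.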




Web configuration (using Junos 12.3X48-D55.4 as the example):

Everything above was done with CLI commands; I did not expect the web wizard to be this simple:

1. Find the VPN option under Wizards:

[Figure: wizards.png]

2. Select Remote Access VPN:

[Figure: type.png]


3. Follow the wizard prompts:

The wizard predefines most of the object names, which is convenient.

[Figure: Screenshot 2018-04-24 11.31.29.png]

Fill in the zone and the internal subnet that remote users will access.

[Figure: Screenshot 2018-04-24 11.31.42.png]

VPN encryption settings.

[Figure: Screenshot 2018-04-24 11.31.55.png]

User account and password, and the user address pool.

[Figure: Screenshot 2018-04-24 11.32.09.png]

Review the summary and commit.



The VPN client version I used:

[Figure: version.png]


Origin http://43.154.161.224:23101/article/api/json?id=324823373&siteId=291194637