

  • 1.  Dynamic VPN SRX240 and MS Exchange SSL Certificate Issue

    Posted 08-29-2013 08:37

    Hi Juniper community,

    I'm new to configuring Juniper devices. I'm using the SRX240 (version 12.1X44.4) for the first time. The CLI syntax works well for me and I'm almost done with my configuration.

    There is only one issue, with an MS Exchange 2007 OWA certificate. I configured policy-based dynamic-vpn, local database authentication and the Junos Pulse client. I created a self-signed HTTPS certificate and changed the web-management access to port 4444.

    If I connect to <https://my-static-ip:4444> I get the user authentication site. After login the Pulse client tries to connect to the SRX. It displays a Pulse window "Connecting to my-static-ip:444" and a warning regarding the self-signed HTTPS certificate. After accepting this with the Connect button again, I get the login window (username/password). After login I get the second warning window, regarding my MS Exchange 2007 server (SSL certificate). If I now try to connect, it breaks after a while and the same warning is displayed.

    Can someone help me with this issue, or does anyone have an idea what additional settings I can try? I couldn't find any solution in the forum.

    Thanks for helping me,

    oga




  • 2.  RE: Dynamic VPN SRX240 and MS Exchange SSL Certificate Issue
    Best Answer

    Posted 09-01-2013 23:54

    If I have read your post correctly, you are trying to re-assign the dynamic-vpn HTTPS port (TCP 443) to a different port, so you can use Exchange OWA?  I am guessing that you have a single IP address.  If so, then you have a bit of a problem.

     

    You can change the HTTP/HTTPS port for the web interface, but it does not change the inbound services port on your WAN interface.

     

    at-2/0/0.0 {
        host-inbound-traffic {
            system-services {
                https;
                ike;
            }
        }
    }

    I suggest setting up a destination NAT rule for the OWA traffic, from WAN TCP 444 to LAN TCP 443.

     

    If you have more than one WAN IP address then it is easy to fix. 

    Attachment(s)
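
The destination NAT rule suggested in the reply above, sketched as an added example; it is not part of the original reply or its attachment. The zone names `untrust` and `trust`, the pool, rule and policy names, and the addresses 203.0.113.10 (WAN) and 192.168.1.10 (Exchange server) are assumptions.

```junos
security {
    address-book {
        global {
            /* assumed internal address of the Exchange/OWA server */
            address owa-server 192.168.1.10/32;
        }
    }
    nat {
        destination {
            pool owa-pool {
                /* translated destination: OWA server, TCP 443 */
                address 192.168.1.10/32 port 443;
            }
            rule-set from-wan {
                from zone untrust;
                rule owa-444 {
                    match {
                        /* assumed single WAN address, external port 444 */
                        destination-address 203.0.113.10/32;
                        destination-port 444;
                    }
                    then {
                        destination-nat pool owa-pool;
                    }
                }
            }
        }
    }
    policies {
        from-zone untrust to-zone trust {
            policy allow-owa {
                match {
                    source-address any;
                    /* policy lookup sees the translated address and port */
                    destination-address owa-server;
                    application junos-https;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

Because the policy is evaluated after destination NAT, it permits only HTTPS to the Exchange host; TCP 443 on the WAN address itself stays with the `https` host-inbound service shown in the reply.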



  • 3.  RE: Dynamic VPN SRX240 and MS Exchange SSL Certificate Issue

    Posted 09-02-2013 02:43
    Yes, sorry for my English; you've understood my post correctly. Thanks for helping me. I will now try both suggestions. First I'll try the destination NAT rule. In addition, I'll order another static WAN IP as a precaution. This solution seems to me the neat way too. I'll let you and the forum know which solution works. Have a good one!


  • 4.  RE: Dynamic VPN SRX240 and MS Exchange SSL Certificate Issue

    Posted 09-04-2013 06:45

    @johnrbaker wrote:

    I suggest setting up a destination NAT rule for the OWA traffic, from WAN TCP 444 to LAN TCP 443.

     

    If you have more than one WAN IP address then it is easy to fix. 


    Hi johnrbaker,

    I tried the recommendation to change the NAT rule, but the Pulse client wasn't able to connect. Now I have configured another WAN IP interface with a separate public IP and used this for Pulse and J-Web access. It works fine. Thanks for helping and for your example file. Have a nice one.