SRX

Expand all | Collapse all

Dynamic VPN with Pulse Desktop Client

Jump to Best Answer
  • 1.  Dynamic VPN with Pulse Desktop Client

    Posted 01-09-2018 23:09

    Hi all!

     

    Is there anybody who uses latest Junos (15.1X49-D120) on SRX3XX series and has dynamic VPN working with latest Pulse Secure Desktop Client (5.3.4)?

     

    I was following this guide https://www.juniper.net/documentation/en_US/junos/topics/example/vpn-security-dynamic-example-configuring.html with no success.

     

    According to this forum thread https://community.pulsesecure.net/t5/Pulse-Desktop-Clients/Juniper-owners-how-to-get-client/td-p/9318 Pulse clients >= 5.2 should not work with SRX but there is still option to configure SRX connection in latest Pulse clients.

     

    Traceoptions for ike and dynamic-vpn doesn't help. Firewall sends TCP FIN immediately after SSL Client Hello from Pulse Client. Web interface of the firewall is accessible via HTTPS from Internet and properly displays the message "Please obtain the Pulse Client from the Pulse Website". Firewall is using system-generated-certificate, but Pulse Client does not even ask me to accept untrusted certificate.

     

    I am aware of the possibility tu use NCP client. I have already tested this option and it works fine. But our employees use Pulse Client for regular VPN access with MAG appliance and it wouldn't be convenient to buy and use another VPN client.

     

    I would appreciate any suggestions

     

    Michal

     

     

     

     



  • 2.  RE: Dynamic VPN with Pulse Desktop Client
    Best Answer

    Posted 01-17-2018 03:23

    My friend at Juniper solved the issue (all credits goes to K.H.):

    Pulse Client on Windows 7 tries TLS 1.0 connection and it is not supported on latest Junos releases any more.

    It's necessary to apply following fix: https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

     

    Bye, M.