SRX

Expand all | Collapse all

Juniper Secure Connect - Disconnecting Immediately - 1sec

  • 1.  Juniper Secure Connect - Disconnecting Immediately - 1sec

    Posted 16 days ago

    Hi There,

    After a little guidance and assistance if possible.

    I have been trying to test the Juniper Secure Connect and i seem to be getting an odd issue.

    I have followed the guides, etc to configuring the SRX, creating the locally signed certificate, etc but it appears that when i connect, the session sets up, green on the VPN client on my Mac and then immediately disconnects.
    As it stands there is no clear reason why.
    Its sets up ok then immediately tears down.

    Any ideas?

    Thanks

    Craig



  • 2.  RE: Juniper Secure Connect - Disconnecting Immediately - 1sec

     
    Posted 13 days ago
    You can pull the logs on the SRX right after the event to check for what is being recorded.

    show log messages | last 50

    Or  until the logs roll over you can determine which saved log covers the time period of the last failed attempt looking at the dates on the log files.
    This will display the still present files with the creation date.

    show log messages.?

    Show the content then of the numbered file in your time window and watch the log time for when your failed login occurred.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Juniper Secure Connect - Disconnecting Immediately - 1sec

    Posted 12 days ago

    Thanks for the reply Steve.

    It appears that the device is producing the following error message:

    "Reason: IKE negotiation request from user disallowed as remote-access user license limit exceeded."

    Now the SRX has the in-built licensing for 2 free connections and is seemingly ok so unsure why this message is coming up:


    There is no user connected when i try the above and get the error.

    Any thoughts?

    Thanks

    Craig




  • 4.  RE: Juniper Secure Connect - Disconnecting Immediately - 1sec

     
    Posted 12 days ago
    Sounds like a software bug then.  Juniper calls the PR (problem reports).

    With your current version number we can search and see if this is public and already identified, then it will say what version you need to upgrade to to clear the issue.

    https://prsearch.juniper.net/InfoCenter/index?page=prsearch

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: Juniper Secure Connect - Disconnecting Immediately - 1sec

    Posted 11 days ago
    Thanks again Steve.

    I have had a look at the link provided and entered in the SRX300 Junos version 21.1R1 and its not highlighted any PRs with licenses or remote access thats relatable to this issue.

    The current JTAC recommended for SRX300 is 19.4 i believe but to be able to run Juniper Secure Connect i believe it needs a minimum of Junos 20.3 so cant really use that.

    Might possibly try downgrading back to 20.3.

    Thanks
    Craig


  • 6.  RE: Juniper Secure Connect - Disconnecting Immediately - 1sec

     
    Posted 11 days ago
    If that does not clear the issue, you would need to create an official support ticket.  They will have access to the full PR database and know if the issue is already reported.  If not, it can be a pain to provide all the detailed logging and get the issue reproduced in the JTAC lab for a fix.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 7.  RE: Juniper Secure Connect - Disconnecting Immediately - 1sec

    Posted 11 days ago

    Thanks Steve, really appreciate the replies.

    Will give this a go and report back in a few days. 

    Thanks again
    Craig