When configure remote VPN on SRX, I see we need to type preshared-key parametter. But when configure on Junos Pulse (VPN Client for Juniper), I don't see any place to type preshared-key. So some one can explain for me what the role of preshared-key on VPN remote? Or in Juniper VPN remote Access, we don't need preshared-key?
Pulse is used with the Dynamic VPN functionality of the SRX -- not the site-to-site VPN.
As such, the configuration is a bit different.
KB17641 is a good place to start, from there it can take you through Pulse configuration and also configuring the Dynamic VPN on the SRX.
This document should be linked on all our Dynamic VPN pages as the explanation of how it functions helped me more than most of the official docs to get my service working on SRX300 running 15.1X49-D70.3. I've submitted a request to our documentation team for exactly that.
Thanks for the link!
@Layardtd wrote:Do you know why is not used? For me its too weak this access method.
The Pulse / Dynamic VPN works a little differently than a site-to-site VPN.
With the Dynamic VPN, the pre-shared key is used, however the Pulse client does not need to be configured with it. The Pulse client will authenticate the user first by using username/password credentials (over HTTPS) and there must be an access profile configured and tied with the dynamic VPN. Once the initial authentication passes, the configuration (including the IKE Phase 1 pre-shared key) is automatically downloaded to the client, and the authentication continues from there.
Thanks so much.