SRX


Dynamic VPN and preshare-key

  • 1.  Dynamic VPN and preshare-key

    Posted 03-18-2015 01:01

    Hi all.


    As I understand it, in IPsec VPN the pre-shared key is used to authenticate VPN peers. When configuring dynamic VPN, we have this configuration:

    policy IKE-PHASE-1 {
        mode aggressive;
        proposals MY-IKE-PROPOSAL;
        pre-shared-key ascii-text "$9$lq8v87wYojHm-VHmfT/9evW8L7-Vw2oJN-"; ## SECRET-DATA
    }

    <with your pre-shared-key>

     

    But there is one issue that I cannot understand. When I use Junos Pulse to connect to the SRX VPN gateway, there is no place for me to provide this pre-shared key for Junos Pulse to authenticate with the SRX VPN gateway. So, how can the SRX authenticate my Junos Pulse?

    Or in other words, what is the purpose of the pre-shared key in dynamic VPN?



  • 2.  RE: Dynamic VPN and preshare-key
    Best Answer

    Posted 03-18-2015 01:21

    Hi Hoand,

     

    Two authentications happen when the Pulse client tries to connect to the SRX.

    During the first authentication via HTTPS, the SRX pushes the VPN configuration (including the pre-shared key) to the Pulse client.

    So the Pulse client uses that VPN config pushed by the SRX to connect to the SRX.

    Manual configuration of the pre-shared key on the client is not needed, and it is not available to configure either.


    Regards,
    rparthi

     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too
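
An added example, not part of the thread and not Juniper's own configuration: a Junos `set`-style fragment showing where each of the two authentications described in the answer is configured. It assumes the second authentication is IKE aggressive mode with the shared key followed by XAuth; every name except `IKE-PHASE-1` and `MY-IKE-PROPOSAL` is constructed, the secrets are placeholders, and interfaces, zones and security policies are taken as already configured.

```junos
## Added example. Names other than IKE-PHASE-1 and MY-IKE-PROPOSAL are constructed.

## Per-user credentials and address pool. The same access profile backs both
## the HTTPS login and XAuth, so the user identity never depends on the shared key.
set access profile DYN-VPN-USERS client alice firewall-user password "<user-password>"
set access profile DYN-VPN-USERS address-assignment pool DYN-VPN-POOL
set access address-assignment pool DYN-VPN-POOL family inet network 10.10.10.0/24
set access firewall-authentication web-authentication default-profile DYN-VPN-USERS

## Authentication 1: the user logs in to the SRX over HTTPS. After a successful
## login the SRX pushes the VPN settings, pre-shared key included, to the client.
set system services web-management https system-generated-certificate
set security dynamic-vpn access-profile DYN-VPN-USERS
set security dynamic-vpn clients all remote-protected-resources 10.0.0.0/8
set security dynamic-vpn clients all remote-exceptions 0.0.0.0/0
set security dynamic-vpn clients all ipsec-vpn DYN-VPN
set security dynamic-vpn clients all user alice

## Authentication 2: IKE phase 1 in aggressive mode. The pre-shared key is shared
## by every client of this gateway (group IKE ID), and XAuth then checks the user.
## MY-IKE-PROPOSAL is assumed to be defined elsewhere, as in the question.
set security ike policy IKE-PHASE-1 mode aggressive
set security ike policy IKE-PHASE-1 proposals MY-IKE-PROPOSAL
set security ike policy IKE-PHASE-1 pre-shared-key ascii-text "<pre-shared-key>"
set security ike gateway DYN-VPN-GW ike-policy IKE-PHASE-1
set security ike gateway DYN-VPN-GW dynamic hostname dynvpn
set security ike gateway DYN-VPN-GW dynamic connections-limit 10
set security ike gateway DYN-VPN-GW dynamic ike-user-type group-ike-id
set security ike gateway DYN-VPN-GW external-interface ge-0/0/0.0
set security ike gateway DYN-VPN-GW xauth access-profile DYN-VPN-USERS

## IPsec VPN referenced by the dynamic-vpn client configuration above.
set security ipsec policy DYN-VPN-IPSEC proposal-set standard
set security ipsec vpn DYN-VPN ike gateway DYN-VPN-GW
set security ipsec vpn DYN-VPN ike ipsec-policy DYN-VPN-IPSEC
```

Because the key is delivered to every client that passes the HTTPS login, user authentication rests on the access-profile credentials rather than on the pre-shared key.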