Running JUNOS Software Release [11.2R1.10]
I have configured a VPN with the Wizard, the clients are able to connect.
The /dynamic-vpn website is not unavailable. Just an egg timer and never connects.
When I browse to xx.xxx.xxx.xxx I am able to login to the web management access console of my firewall externally? Even though it should re-direct to the dynamic-vpn login. This is a major security issue.
Quote from Juniper Dynamic VPN AppNote: "If an interface is used for dynamic-vpn access (that is, if an interface is configured under the ike listener interfaces in an IPSec VPN profile used for dynamic-vpn access) and that interface is not configured for web-management access, only access to the dynamic-vpn portal will be allowed, effectively disabling J-web access on that interface."
Clients are still able to connect on junos pulse, however the https://xxx.xxx.xxx.xxx/dynamic-vpn website is unavailable for users to download the clients.
I have restarted the firewall several times, but to no avail. Each time I am able to get users connected again but this website is never accessible, and my front end login screen is!!!
If I disable the HTTPS or HTTP service on the external Vlan.1, everything stops working and I get an HTTP Service error:
httpd: Error: Can't start HTTP service, exiting
and
httpd: Error: Can't listen for HTTP on :80
I then have to restart the firewall!!!!!!!!!
I am seriously considering downgrading to 10.4 R6 again or something similar. Any help is greatly appreciated.
services {
    ssh;
    web-management {
        http {
            interface [ vlan.0 vlan.1 ];
        }
        https {
            system-generated-certificate;
            interface [ vlan.0 vlan.1 ];
        }
    }
}
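
An added example, not part of the original post and not Juniper tooling: a small Python check that parses a web-management stanza like the one above and reports which J-Web protocols are bound to an interface you treat as untrusted. The function names are hypothetical, vlan.1 is taken as untrusted because the post calls it the external VLAN, and quoted values containing spaces are not handled.

```python
import re

# Constructed input: the stanza from the post, with the closing brace added.
SAMPLE = """services { ssh; web-management {
  http { interface [ vlan.0 vlan.1 ]; }
  https { system-generated-certificate; interface [ vlan.0 vlan.1 ]; } } }"""

def parse_junos(text):
    """Parse curly-brace Junos config into nested dicts (leaf -> list of values)."""
    root = {}
    stack, words = [root], []
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok == "{":
            child = stack[-1].setdefault(" ".join(words), {})
            stack.append(child)
            words = []
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif tok == ";":
            if words:
                stack[-1][words[0]] = [w for w in words[1:] if w not in ("[", "]")]
            words = []
        else:
            words.append(tok)
    if len(stack) != 1:
        raise ValueError("unclosed block, config is truncated")
    return root

def jweb_exposure(text, untrusted):
    """Map each enabled J-Web protocol to the untrusted interfaces it listens on."""
    web = parse_junos(text).get("services", {}).get("web-management", {})
    findings = {}
    for proto in ("http", "https"):
        if proto not in web:
            continue
        stanza = web[proto] if isinstance(web[proto], dict) else {}
        bound = stanza.get("interface")
        # Conservative assumption: no interface list means reachable everywhere.
        hits = sorted(untrusted) if bound is None else [i for i in bound if i in untrusted]
        if hits:
            findings[proto] = hits
    return findings

if __name__ == "__main__":
    # vlan.1 is the external VLAN in the post.
    print(jweb_exposure(SAMPLE, {"vlan.1"}))
```

An empty result means J-Web is not listed on any untrusted interface, which is the condition the AppNote quote gives for the interface to serve only the dynamic-vpn portal.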