We have a Juniper Secure Services Gateway 140 (a firewall), which is a model that does not support the web-based authentication and VPN connection used at vpn.msu.edu. The software that Juniper offers is Netscreen-Remote for the client (supported on Windows, and not the Mac).

Admittedly, the Juniper SSG 140 has good security protocols for the VPN, and there are some nice pictures in the documentation. But the documentation is voluminous and the numerous restrictions for what options can be combined are not documented well. But the client software is not well integrated with the secure gateway server. The options for the different phases of negotiating the encryption for the VPN tunnel are in very different places, and the names are not the same between the server interface and the client configuration interface.

I can create a single user VPN that supports L2TP with IPsec and a dynamic address (i.e. DHCP) on the client. I can create a multiple user VPN that only works with a fixed address on the client. If I try to mix the two, the SSG 140 won't let me get past the Phase 1 negotiations. I looked through the documentation several times, and searched the Juniper website, and the multiple user VPN with dynamic address combination is not offered as an option.

Has anyone found a configuration that supports a dynamic address on the client, a preshared key, a single IKE user account that permits multiple logins, and extended authentication through LDAP to a Windows Active Directory domain? If you have done it with certificates, I would like to hear about that too.

If I get any responses, I can summarize to the list.

-Stefan

KBS Computer Services Helpdesk: 269-671-2100 (from campus 199-2100)

Stefan Ozminski
Computer Services
W.K. Kellogg Biological Station
Michigan State University
3700 E. Gull Lake Dr.
Hickory Corners, MI 49060
Phone: 269-671-4427 (from campus 199-4427)