cancel
Showing results for 
Search instead for 
Did you mean: 

KB link for IPSec setting on SSL VPN?

SOLVED
michael.saw_
Regular Contributor

KB link for IPSec setting on SSL VPN?

Hi all,

Does anyone know the kb link for IPSec setting on SSL VPN?

1 ACCEPTED SOLUTION

Accepted Solutions
SHKM_
Frequent Contributor

Re: KB link for IPSec setting on SSL VPN?

10 REPLIES 10
SHKM_
Frequent Contributor

Re: KB link for IPSec setting on SSL VPN?

zanyterp_
Respected Contributor

Re: KB link for IPSec setting on SSL VPN?

Are you looking for the IKEv2 settings or information about how ESP works inside network connect?
michael.saw_
Regular Contributor

Re: KB link for IPSec setting on SSL VPN?

Hi zanyterp,

 

I'm looking for information on how to establish IPsec tunnel (client-to-HQ connection) on SSL VPN.

zanyterp_
Respected Contributor

Re: KB link for IPSec setting on SSL VPN?

With clients coming in using software for the IKEv2 connection? I am not sure if we have specific KBs on how to set this up as it is covered in the admin guide fairly well; we do have specific use-case items for troubleshooting with some clients such as Windows 7 and the Playbook. What are you looking for specifically? Or are you referring to an IPSec tunnel for the SSL VPN to connect to another system as a client, which is not supported.
michael.saw_
Regular Contributor

Re: KB link for IPSec setting on SSL VPN?

Thanks zanyterp.

Is MAG suitable/capable/recommnded for Windows XP/7 clients in establishing IPSec tunnels base on a device-to-site IPSec tunnel?

We are looking at 600 IPSec VPN devices to connect to HQ site.
zanyterp_
Respected Contributor

Re: KB link for IPSec setting on SSL VPN?

Yes, the MAG can handle inbound VPN connections from the user PC using one of 3 VPN options: 1) Junos Pulse: This can be configured to provide L3 access from the client machine to the MAG unit, which will then allow the users access to the internal resources. This client includes the ability for you as an admin to create the tunnel based on location awareness rules, enable wireless suppression, and connect to SRX firewalls. 2) Network Connect: This is the legacy L3 VPN client on the SA systems. It connects to the MAG device, gets an IP, and allows users access to the LAN. 3) IKEv2: This uses your preferred IKE client to create the VPN to the MAG system and allow access to the LAN resources. All three are very viable solutions; if you are working on a new deployment for the MAG units, I would suggest Junos Pulse or IKEv2.
michael.saw_
Regular Contributor

Re: KB link for IPSec setting on SSL VPN?

ironically, it is not recommended to run IPSec VPN on MAG, right?
zanyterp_
Respected Contributor

Re: KB link for IPSec setting on SSL VPN?

There is no recommendation either way, other than using Junos Pulse rather than Network Connect, and that is only for future-proofing yourself with rollout; but all 3 are perfectly fine to use if you need/want an IPSec L3 connection.
michael.saw_
Regular Contributor

Re: KB link for IPSec setting on SSL VPN?

Thanks, zanyterp!

Anyone implemented pure IPSec on SSL VPN device?