I have a host who set up our Juniper SSG 5 VPN with firmware version 6.2.0r5.0.

I've been trying to set up VPN on it using this guide: http://kb.juniper.net/InfoCenter/index?page=content&id=KB4094. I've followed the steps and on my Mac, whenever I try to connect using L2TP over IPSec, I get the following error:

Summary of Steps: Create User (give them L2TP auth ability), Create Group, Place User in Group, Create VPN Gateway, Create VPN, create IP Pool, change default L2TP settings, create Untrust > Trust Policy.

The L2TP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.

I looked in my Firewall's logs, but I don't even see anything under Reports > Logs > Events.

I'm... obviously missing something, I just don't know what I'm missing at this point. I'm just starting networking and this is sort of Step 101 and I'm getting annoyed and just want to throw up OpenVPN, but I've read that has problems with Juniper Firewalls. Hooray.

Ethabelle
  • Sounds like you're getting no response at all. I would expect maybe that the interface or the zone needs to be configured to either enable or allow the L2TP service to listen. – SpacemanSpiff Oct 10 '12 at 03:18
  • Did some legwork for you, it looks like when you define the gateway you should be specifying the outgoing interface and that should start the service listening. Did you get the interface right? I would think if any of the IP pooling or policies were out of order you'd get a more descriptive error. – SpacemanSpiff Oct 10 '12 at 03:30
  • I looked at the GW... it doesn't give you an option to specify an interface. It just allows you to set up which group you are using and then the P1 settings. – Ethabelle Oct 10 '12 at 05:46
  • And after I turned on verbose logging:
    Wed Oct 10 00:49:29 2012 : L2TP connecting to server 'x.x.x.x' (x.x.x.x)...
    Wed Oct 10 00:49:29 2012 : IPSec connection started
    Wed Oct 10 00:49:29 2012 : IPSec phase 1 client started
    Wed Oct 10 00:49:39 2012 : IPSec connection failed
    – Ethabelle Oct 10 '12 at 05:50
  • That's from the firewall or client? Do you have a default deny policy defined with logging? Might provide more detail. – SpacemanSpiff Oct 10 '12 at 13:33
  • It's from the Client. I don't see anything like that in the logs on the firewall. – Ethabelle Oct 10 '12 at 18:15
  • If a Cisco is an option... – ewwhite Oct 13 '12 at 21:01

1 Answer

OK folks. I just want to mark this as answered and leave what I discovered here in case anyone else comes along wanting to know the answer.

IF YOU ARE USING A MAC, DO NOT USE THE BUILT IN VPN CLIENT AND THINK JUNIPER IS GOING TO BE OKAY WITH IT

What I discovered is that, no matter what, it cannot pass on the correct credentials; it simply doesn't have the amount of fields needed. The VPN is incompatible in my opinion. I got it working on VPN Tracker & Juniper's Client, but not the Mac client.

So. Save yourself a headache if you're a Mac user and don't even try.

Ethabelle