I have been struggling with this for over 2 weeks now and tried everything I possibly can.

The Dynamic VPN connection works fine, but the Pulse client randomly pops up with a password prompt and disconnects if the password is not re-entered.

I found this KB: http://kb.juniper.net/InfoCenter/index?page=content&id=KB28835&actp=search&viewlocale=en_US&searchid...

Basically it says: When the Pulse Dynamic VPN (DVPN) phase 1 (IKE) security association timer expires, it is mandatory to re-enter the username and password to reform a new IKE phase 1 session. This is the reason Pulse VPN tunnel goes down and prompts for user name and password.

Can anyone please help me to solve this? It gets rather frustrating having to enter your password every 10 minutes while you are working.

I have already tried to increase the IKE phase 1 lifetime to 3600 seconds as well as the phase 2 lifetime; still no difference to the timeouts.

ike {
    proposal Dynamic-VPN-P1-Proposal {
        description "Dynamic P1 Proposal";
        authentication-method pre-shared-keys;
        dh-group group2;
        authentication-algorithm sha1;
        encryption-algorithm 3des-cbc;
        lifetime-seconds 12000;
    }
    policy Dynamic-VPN-P2-Policy {
        mode aggressive;
        description "Dynamic P2 Policy";
        proposals Dynamic-VPN-P1-Proposal;
        pre-shared-key ascii-text "$$#5";
    }

    gateway Dynamic-VPN-P1-Gateway {
        ike-policy Dynamic-VPN-P2-Policy;
        dynamic {
            hostname vpn.contoso.com;
            ike-user-type shared-ike-id;
        }
        external-interface ge-0/0/0.0;
        xauth access-profile Dynamic-XAuth;
    }
}

ipsec {
    proposal Dynamic-P2-Proposal {
        description Dynamic-VPN-P2-Proposal;
        protocol esp;
        authentication-algorithm hmac-sha1-96;
        encryption-algorithm aes-256-cbc;
        lifetime-seconds 18000;
    }
    policy Dynamic-P2-Policy {
        perfect-forward-secrecy {
            keys group2;
        }
        proposal-set standard;
    }

    vpn Dynamic-VPN {
        ike {
            gateway Dynamic-VPN-P1-Gateway;
            ipsec-policy Dynamic-P2-Policy;
        }
        establish-tunnels immediately;
    }
}

Thanks B

Barnz
  • I'm not a Juniper specialist, but those timeouts are for the handshake and such, not the "client" timeout. Thus at each X time the encryption key changes. I would check the user configuration. Edited; there; "Edit your Network Connect Role, General, Session Options, and configure the "Idle Timeout", "Max Session Length", and "Reminder Time". " – yagmoth555 Oct 19 '15 at 18:08
  • Yeah, they are. I thought the handshake might time out and then need to re-establish; that's why it prompts for the password. Grasping at straws at the moment. The users are configured with a 1 hour timeout and a 30 minute no-activity timeout, so no success there. – Barnz Oct 19 '15 at 18:12
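
An added example, not part of the original post or of any Juniper tooling: a small Python check that parses brace-structured Junos configuration and reports, for each proposal carrying a `lifetime-seconds` value, whether a policy in the same section references it through `proposals`. The sample is the question's configuration reduced and with its braces balanced (constructed); on it, the IPsec proposal is defined but the policy selects `proposal-set standard` instead.

```python
# Constructed sample: the question's ike/ipsec stanzas, reduced, braces balanced.
SAMPLE = """
ike {
    proposal Dynamic-VPN-P1-Proposal {
        lifetime-seconds 12000;
    }
    policy Dynamic-VPN-P2-Policy {
        proposals Dynamic-VPN-P1-Proposal;
    }
}
ipsec {
    proposal Dynamic-P2-Proposal {
        lifetime-seconds 18000;
    }
    policy Dynamic-P2-Policy {
        proposal-set standard;
    }
}
"""

def parse(text):
    """Return (path, statement) pairs from brace-structured Junos config."""
    stack, out = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced closing brace")
            stack.pop()
        elif line.endswith(";"):
            out.append((tuple(stack), line[:-1].strip()))
    if stack:  # a paste with missing closing braces ends up here
        raise ValueError("unclosed block: " + " > ".join(stack))
    return out

def lifetime_report(text):
    """Map 'section proposal-name' -> (lifetime_seconds, referenced_by_a_policy)."""
    lifetimes, used = {}, set()
    for path, stmt in parse(text):
        if len(path) != 2:
            continue
        section, (kind, _, name) = path[0], path[1].partition(" ")
        words = stmt.split() or [""]
        if kind == "proposal" and words[0] == "lifetime-seconds":
            lifetimes[(section, name)] = int(words[1])
        elif kind == "policy" and words[0] == "proposals":
            used.update((section, p) for p in words[1:] if p not in ("[", "]"))
    return {f"{s} {n}": (secs, (s, n) in used) for (s, n), secs in lifetimes.items()}
```
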

0 Answers