
Dynamic VPN help


I have looked through several tutorials and made many attempts, but I am not sure where I am missing the boat.

 

Following is my most recent attempt, no dice. (I have removed non-relevant information)

 

With each attempt I receive the same error.
"Error 1110: Unable to communicate with the server."

 

The client is Pulse Secure on a Windows 7 system.

 

## Last changed: 2017-08-04 13:02:23 EDT
version 15.1X49-D60.7;

## Device identity and management-plane services.
## NOTE(review): the braces below close `system` before `services` opens, so
## `services` is not nested the way a normal Junos `system` stanza nests it;
## presumably lines were trimmed before posting.
system {
    host-name atlanta-srx;
   
    }
    services {
        ssh;
        ## telnet and xnm-clear-text carry credentials and session data
        ## unencrypted. With ssh already enabled, a reviewer would ask whether
        ## either of these is still needed.
        telnet;
        xnm-clear-text;
        web-management {
            ## J-Web over plain HTTP on the LAN port and on tunnel interface
            ## st0.3: logins on these interfaces are sent in cleartext.
            http {
                interface [ ge-0/0/1.0 st0.3 ];
            }
            ## HTTPS uses the device's self-signed certificate, so clients
            ## cannot validate it against a CA. ge-0/0/0.0 is the untrust-zone
            ## interface, so this listener is reachable from the outside.
            ## NOTE(review): Dynamic VPN clients contact the SRX over HTTPS on
            ## the external interface, so this is probably intentional; confirm
            ## that the J-Web login is not exposed on the same URL.
            https {
                system-generated-certificate;
                interface [ ge-0/0/1.0 ge-0/0/0.0 ];
            }
        }
    }

security {
    ## IKE phase 1 for the dynamic (remote-access) VPN: one proposal, one
    ## policy and one gateway that accepts peers with no fixed address.
    ike {
        ## md5, 3des-cbc and DH group2 are all legacy choices.
        ## NOTE(review): stronger values (SHA-2, AES, a larger DH group) are
        ## preferable if the Pulse client in use accepts them; verify client
        ## support before changing.
        proposal ike-dyn-prop-ATL {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm md5;
            encryption-algorithm 3des-cbc;
        }
        ## Aggressive mode with a pre-shared key: an observer of the exchange
        ## can test key guesses offline, so the key must be long and random.
        ## The "$9$" form is reversible obfuscation, not a hash. This value was
        ## published with the post, so the key should be treated as disclosed
        ## and replaced.
        policy ike-dyn-pol-ATL {
            mode aggressive;
            proposals ike-dyn-prop-ATL;
            pre-shared-key ascii-text "$9$KnCMWXdb2JGirewg4aHk.P5z9tp01ylvbsaUjkQzEcSeLx7-Vb24W8GDkqTQcylMX-UDk5T3IE7VwYGUFn/90IEhrevLO1RcleXxdbs24ZjHmTF/"; ## SECRET-DATA
        }
        ## Gateway for dynamic peers: the peer is matched by the hostname
        ## IKE ID "atlanta-srx" (the same string as the device host-name),
        ## limited to 2 connections, terminating on ge-0/0/0.0.
        ## NOTE(review): no ike-user-type statement is shown under `dynamic`;
        ## Juniper's Dynamic VPN examples set one next to connections-limit.
        ## Confirm whether it was trimmed from the post.
        gateway gw-dyn-ATL {
            ike-policy ike-dyn-pol-ATL;
            dynamic {
                hostname atlanta-srx;
                connections-limit 2;
            }
            external-interface ge-0/0/0.0;
            ## XAuth user authentication against the ATL-dyn-vpn access profile.
            xauth {
                access-profile ATL-dyn-vpn;
            }
        }
    }
    ## IPsec phase 2 for the dynamic VPN: ESP with AES-128-CBC and
    ## HMAC-SHA1-96, with perfect forward secrecy using DH group2.
    ipsec {
        proposal dyn-prop-ATL {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm aes-128-cbc;
        }
        ## NOTE(review): group2 is a legacy DH group; a larger group is
        ## preferable if the client supports it.
        policy ipsec-dyn-pol-ATL {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals dyn-prop-ATL;
        }
        ## No bind-interface is set, so this is a policy-based VPN: traffic is
        ## tied to the tunnel only through a security policy that names
        ## vpn-dyn-ATL in its tunnel action.
        ## NOTE(review): no `security dynamic-vpn` stanza (access profile,
        ## client entries, protected resources) appears in this excerpt.
        ## Confirm whether it exists on the device or was trimmed from the post.
        vpn vpn-dyn-ATL {
            ike {
                gateway gw-dyn-ATL;
                ipsec-policy ipsec-dyn-pol-ATL;
            }
        }
    }
    ## Clamp the TCP MSS of sessions that cross an IPsec VPN to 1379 bytes,
    ## leaving room for the tunnel overhead.
    flow {
        tcp-mss {
            ipsec-vpn {
                mss 1379;
            }
        }
    }
    ## Source NAT: traffic from zone trust to zone untrust, from any source
    ## address, is translated to the address of the egress interface.
    nat {
        source {
            rule-set trust-to-untrust {
                from zone trust;
                to zone untrust;
                rule source-nat-rule {
                    match {
                        source-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    ## Zone-to-zone security policies. All three shown here match any source,
    ## any destination and any application.
    policies {
        from-zone trust to-zone trust {
            policy trust-to-trust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone trust to-zone untrust {
            policy trust-to-untrust {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        ## As written, this policy permits ALL traffic from untrust to trust.
        ## It has no tunnel action, so it is not restricted to VPN clients and
        ## is not associated with vpn-dyn-ATL.
        ## NOTE(review): for a policy-based VPN the action would normally be
        ## `permit { tunnel { ipsec-vpn vpn-dyn-ATL; } }`, with
        ## destination-address narrowed to the resources clients need.
        from-zone untrust to-zone trust {
            policy dyn-vpn-pol-ATL {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
    }
    ## Zone membership and the services the SRX itself answers in each zone.
    zones {
        ## trust: every system service and protocol is accepted on the LAN
        ## port and on the three st0 tunnel units (`bgp` is already covered by
        ## `all`). Because st0.x interfaces are in this zone, remote tunnel
        ## peers get the same access to the device as LAN hosts.
        security-zone trust {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                    bgp;
                }
            }
            interfaces {
                ge-0/0/1.0;
                st0.3;
                st0.1;
                st0.2;
            }
        }
        ## untrust: the zone-level list allows only ike, but ge-0/0/0.0 has an
        ## interface-level list, which takes precedence for that interface and
        ## allows https, ping and ike from the outside.
        ## The definition of untrust-screen is not shown in this excerpt.
        security-zone untrust {
            screen untrust-screen;
            host-inbound-traffic {
                system-services {
                    ike;
                }
            }
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            https;
                            ping;
                            ike;
                        }
                    }
                }
            }
        }
    }
}
## Physical interfaces: ge-0/0/0 is the external (untrust) port and ge-0/0/1
## the LAN (trust) port. The LAN address was masked by the poster; the
## external address looks like a placeholder as well.
## NOTE(review): the st0.1, st0.2 and st0.3 units referenced in zone trust are
## not defined in this excerpt.
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 11.22.33.44/30;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 192.168.xx.xxx/24;
            }
        }
    }
  }
## Layer 2 learning is set to switching mode globally.
protocols {
    l2-learning {
        global-mode switching;
    }
}
## User authentication and address assignment for the VPN clients.
access {
    ## Profile referenced by the IKE gateway's xauth statement and used as the
    ## default web-authentication profile below.
    profile ATL-dyn-vpn {
        ## Local user TEST. The "$9$" form is reversible obfuscation, not a
        ## hash. This value was published with the post, so the password
        ## should be treated as disclosed and changed.
        client TEST {
            firewall-user {
                password "$9$WjYLXNwYoUjqKM2aJG.mfTznt0O1Eev8YgGjH.QzEcSeLx7-Vb24W8GDkqTQcylMX-UDk5T3IE7VwYGUFn/90IEhrevLO1RcleXxdbs24ZjHmTF/"; ## SECRET-DATA
            }
        }
        address-assignment {
            pool ATL-POOL;
        }
    }
    ## Clients receive an address from 192.168.200.20 to 192.168.200.50 and
    ## are given 8.8.8.8 as primary DNS server.
    address-assignment {
        pool ATL-POOL {
            family inet {
                network 192.168.200.0/24;
                range ATL-dyn-ip-range {
                    low 192.168.200.20;
                    high 192.168.200.50;
                }
                xauth-attributes {
                    primary-dns 8.8.8.8/32;
                }
            }
        }
    }
    ## Web authentication uses the same profile by default.
    firewall-authentication {
        web-authentication {
            default-profile ATL-dyn-vpn;
        }
    }
}
