


Junos Pulse 802.1x configuration


kr3ator
Contributor (11)
Feb 28, 2014 7:52am

Hi everybody,

 

I'm trying to configure UAC+EX+Junos Pulse for L2 access.

 

UAC and EX are ready but I have some problems with Junos Pulse as 802.1x supplicant. 

 

On the physical interface with Windows 7 installed I've enabled 802.1x authentication with Juniper Networks: EAP-TTLS.

I have also done the following:

-installed UAC (IC) certificate on the PC

-installed root CA certificate that signed UAC certificate on the PC

-in the settings of Juniper EAP-TTLS I've set the anonymous field to "anonymous"

 

Could someone explain to me the process of deploying Junos Pulse+UAC+EX for 802.1x?

What am I missing?

 

Thanks.




kalagesan
Contributor (11)
Mar 2, 2014 10:51pm

Hi,

 

1. Are you trying to use certificate based authentication or username/password based authentication?

 

2. Are you trying user authentication or machine authentication?

 

3. What is the authentication server enabled in IC?

 

4. If you have the setup ready, what is the error message in the IC user access log?

 

5. Do you see the Local Area connection profile loaded in the Pulse UI?

 

6. Can you download & install the Pulse client from the same IC using agentless access if possible?

 

Regards,

Kannan

 

 

 

    kr3ator
    Contributor (11)
    Mar 3, 2014 2:05am

    Hi, thanks for the interest in the case.

     

    1. I was trying to do both.

    2. I would like to have a user authentication (using personal keys)

    3. When I was trying username based auth it was set to System local with a Realm restriction on personal certificate. When I was trying cert auth the auth server was set to Certificate server.

    4. There is no log in User access, Events or via Troubleshooting (session recorder). A capture of packets on the PC says only that authentication has failed after the creation of the outer SSL/TLS tunnel from the switch.

    5/6. Under Pulse connections I've enabled only one connection - 802.1x. This connection has a defined Outer user name as anonymous and a Trusted Client side CA certificate that was used to sign the user certificate. At first I've opened the port on the switch to allow download of the Junos Pulse client from the IC to the PC. After that I've switched back the switch port to use 802.1x with a RADIUS server (IC). The connection is listed in the Pulse GUI. When I click connect it says: "Waiting for the network" and then I get a notification from Windows about unsuccessful 802.1x auth.

     

     

glaberge
Contributor (11)
Mar 3, 2014 2:55pm

Just for the sake of being complete.  Can you post your EX config?  Just want to verify that you have 802.1x enabled on the ports.

 

Also, you can start with at least getting local authentication working before adding certificates.  They are a different beast.

 

Garett

    apaul
    Contributor (11)
    Mar 3, 2014 10:43pm

    Can you also post the detailed Pulse logs? To do this, ensure you open Pulse @ client, go to File --> Logs --> Log Level --> Details and save the logs once the issue is replicated. Please provide the timestamp of the connection attempt to correlate the logs. Also you can add a tcp-dump from the IC which could help here as well.