F5 and Juniper SSL-VPN

Question

We are setting up our new Juniper SSL-VPN's behind our F5s so we can use them in an active active conifguration. We are not having any problems with the regular SSL-VPN communications. However when we try to use the parts that allow you to do a try VPN tunnel we are getting either a Invalid certificate response or the app refuses the start.&nbsp;
&nbsp;Right now I have ports 443 tcp and 4500 UDP configured. &nbsp;&nbsp;&nbsp;

&nbsp;I've looked through all the docs and tried everything that appears to be close to what we want to do. So far nothing is working. Does anyone have any ideas on what I should do to configure this ?&nbsp;&nbsp;&nbsp;

&nbsp;

&nbsp;Our F5 is currently on 9.4.5 LTM&nbsp;&nbsp;&nbsp;

&nbsp;

&nbsp;Thanks for any ideas and help that will get us moving forward.&nbsp;&nbsp;&nbsp;

&nbsp;Joe&nbsp;&nbsp;

nitass_89166 · Answer

not sure if this is relevant and whether it is still correct now.&nbsp;
&nbsp;i have worked with one customer about rdp service. connection failed when starting rdp session (web application was working fine). finally, juniper tac informed that there is specific scurity mechanism in client and ive which discarding packet because they detect man-in-the-middle attack. layer 4 load balancing should be no issue.

nitass · Answer

not sure if this is relevant and whether it is still correct now.&nbsp;
&nbsp;i have worked with one customer about rdp service. connection failed when starting rdp session (web application was working fine). finally, juniper tac informed that there is specific scurity mechanism in client and ive which discarding packet because they detect man-in-the-middle attack. layer 4 load balancing should be no issue.

narendren_s_658 · Answer

Hi All, Anybody have solution for this issue? Instead of layer-4 policy, if we use layer-7 for port 443 and layer-4 for udp 4500, will it resolve the issue?&nbsp;

narendren_s_658 · Answer

Hi All, Anybody have solution for this issue? Instead of layer-4 policy, if we use layer-7 for port 443 and layer-4 for udp 4500, will it resolve the issue?&nbsp;

Forum Discussion

F5 and Juniper SSL-VPN

4 Replies

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

SSL VPN Split Tunneling and Office 365

SSL VPN Tunnel and Office 365

Creating a SSL VPN Using F5 Full Webtop

Rate Limiting SSL VPN User Traffic

Scaling SSL VPN using BIG-IP Local Traffic Manager (LTM)