How to configure SRX to allow multiple Junos Pulse connections from the same user

This article provides information on how to simultaneously connect one user from different locations to the same SRX device by using multiple Junos Pulse connections.

Currently, Junos Pulse does not have the support for allowing multiple connections from the same user.

When a user tries to logon by using his/her credentials via Junos Pulse, SRX allows the connection. But when that user tries to establish a second connection, when the first connection is still present, it drops both connections or drops the first connection and connects the second one. But a concurrent connection does not work, as this feature is not yet supported.

Currently SRX does not support two connections from the same user via only one IKE gateway. You have to create two different gateways and then tie the lab user to each IKE gateway.

SRX configuration:

1. Create the access profile for the lab user:

2. Create two separate IKE gateways and tie the lab user to each gateway:

3. Create two separate IPsec VPNs and tie each of them to the separate IKE gateways that were created in Step 1:

4. Define the clients under the dynamic VPN stanza:

Junos Pulse configuration:

  1. Logon to the PC and start the Junos Pulse client.
  2. Go to File > Connections > Forget Saved Settings.
  3. Create the connection by clicking the + symbol.
  4. Type the SRX URL (that is IP address).
  5. Click Connect. You will be prompted for the username and password twice. When the credentials are provided twice, it will connect.
  6. Repeat the process from a different PC by using the same user credentials.

Verification:

The protected resources that are defined in the access profile are 10.0.0.0/8.

The pinging of the SRX interface address (10.10.10.10) is successful:

The pinging of the SRX interface address (20.10.10.10) fails, as expected, as it is not part of the allowed resources via SRX:

Refer to the following images:

How to configure SRX to allow multiple Junos Pulse connections from the same user-1

How to configure SRX to allow multiple Junos Pulse connections from the same user-2

About the author

Prasanna

1 Comment

  • Hi Prasana ,

    Good idea but its actually don’t work or there is something missing in config , how SRX decide to send second user to second ike gw ?

Leave a Comment