Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Configuring an L2TP Over IPSec Tunnel on Juniper SSG520

Posted on 2010-09-17
Medium Priority
Last Modified: 2013-11-21
I am trying to create an L2TP Over IPSec Tunnel on a Juniper SSG520 Firewall.  I have been following this document: and it is still not working.  I am not seeing any traffic even going to the "Dial Up VPN" policy.  My ultimate goal is to get mobile devices (iPhones, iPads, Android devices) connected to the VPN to be able to remote desktop computer/servers inside our network.  Has anyone done this before?  Or is there a better way to accomplish this?
Question by:NorthAmerican
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 37

Expert Comment

by:Jian An Lim
ID: 33721310
mobile devices (iPhones, iPads, Android devices) connected to the VPN to be able to remote desktop computer/servers inside our network

I will strongly recommend not to go down with SSG VPN. they are more design to staticly assign.
If you want to get mobile device, I will recommend to use Juniper SA2500. These devices are clear cut and have much granular access to the network.

since you have relationship with Juniper, you should get a demo device from them to try out.


Author Comment

ID: 33725197
We also have an F5 firepass 1200 VPN appliance, but have not figured out how to get that to work with mobile devices, which is why we decided to try with the SSG520.  Is there a way to make it work better with the F5 vpn appliance?

Author Comment

ID: 33725232
Side note:  We are able to log into the vpn from mobile devices, but iPads, iPhones, and adroid devices are not able to download the necessary files to make remote desktop possible.
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

LVL 37

Expert Comment

by:Jian An Lim
ID: 33730266
do iPhones, iPads, Android devices have java running?

i believe juniper SA (and maybe f5) use java as thier platform to make remote desktop possible.

from what my experience, i can't even get Mac to get a remote desktop because it lack of java.

Author Comment

ID: 33736071
No, I don't believe they run java.  I was thinking somewhere along the lines of creating a tunnel from the mobile devices to either the Juniper SSG520 or Firepass 1200 so that these devices can then use their own apps to log into computers on the network.
LVL 37

Expert Comment

by:Jian An Lim
ID: 33739223
good luck on that then.

i think i have exhausted my part.

If you SSG is under maintenance, give JTAC a call and let them sort out for you.

Accepted Solution

NorthAmerican earned 0 total points
ID: 33861140
I'm going to try posting a different question about this same problem to see if anyone has successfully connected an ipad, iphone, and android device with a sonicwall.  That may be the route we end up going.

Featured Post

Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question