Configuring an L2TP Over IPSec Tunnel on Juniper SSG520

Posted on 2010-09-17
Last Modified: 2013-11-21
I am trying to create an L2TP Over IPSec Tunnel on a Juniper SSG520 Firewall.  I have been following this document: and it is still not working.  I am not seeing any traffic even going to the "Dial Up VPN" policy.  My ultimate goal is to get mobile devices (iPhones, iPads, Android devices) connected to the VPN to be able to remote desktop computer/servers inside our network.  Has anyone done this before?  Or is there a better way to accomplish this?
Question by:NorthAmerican
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 37

Expert Comment

by:Jian An Lim
ID: 33721310
mobile devices (iPhones, iPads, Android devices) connected to the VPN to be able to remote desktop computer/servers inside our network

I will strongly recommend not to go down with SSG VPN. they are more design to staticly assign.
If you want to get mobile device, I will recommend to use Juniper SA2500. These devices are clear cut and have much granular access to the network.

since you have relationship with Juniper, you should get a demo device from them to try out.


Author Comment

ID: 33725197
We also have an F5 firepass 1200 VPN appliance, but have not figured out how to get that to work with mobile devices, which is why we decided to try with the SSG520.  Is there a way to make it work better with the F5 vpn appliance?

Author Comment

ID: 33725232
Side note:  We are able to log into the vpn from mobile devices, but iPads, iPhones, and adroid devices are not able to download the necessary files to make remote desktop possible.
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

LVL 37

Expert Comment

by:Jian An Lim
ID: 33730266
do iPhones, iPads, Android devices have java running?

i believe juniper SA (and maybe f5) use java as thier platform to make remote desktop possible.

from what my experience, i can't even get Mac to get a remote desktop because it lack of java.

Author Comment

ID: 33736071
No, I don't believe they run java.  I was thinking somewhere along the lines of creating a tunnel from the mobile devices to either the Juniper SSG520 or Firepass 1200 so that these devices can then use their own apps to log into computers on the network.
LVL 37

Expert Comment

by:Jian An Lim
ID: 33739223
good luck on that then.

i think i have exhausted my part.

If you SSG is under maintenance, give JTAC a call and let them sort out for you.

Accepted Solution

NorthAmerican earned 0 total points
ID: 33861140
I'm going to try posting a different question about this same problem to see if anyone has successfully connected an ipad, iphone, and android device with a sonicwall.  That may be the route we end up going.

Featured Post

Are You Ransomware's Next Victim?

Worried about ransomware attacks hitting your organization?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with WatchGuard Total Security!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question