Juniper Netscreen-Remote with ESET Smart Security on Windows 7

Hello,

Does anyone use the NetScreen-Remote VPN client with ESET SmartSecurity on a Windows 7 computer? It does not work with versions of ESET SS greater than 4.0.474.

Windows 7 professional, with SP1 (new installation)
Juniper NetScreen-Remote v9.0 (SafeNet SoftRemote 10.8.0 - Build 20)
ESET Smart Security Business v4.2.67 or v4.2.71.2

It works with version 4.0.474 of ESET SS, deactivating first the firewall, doing the vpn connection and then activating the firewall.

But with a later version of ESET SS (I tried with v4.2.67 and 4.2.71.2) it does not connect, even deactivating the firewall. The NetScreen-Remote asks for user and password, tries to connect, but finally it fails with a message of 'User Authentication failed'.

Attached are the logs of the client and of the Juniper SSG 5 where I'm trying to connect.

I have configured the ESET SS with rules to allow all traffic for the NetScreen-Remote programs. I also attach an image with the configuration.

Same configuration works without problems on a Windows Vista Pro and on a Windows XP Pro.

Any ideas of what could be happening? Thanks.

Log on the Juniper SSG5 firewall:
ServerLog.txt

Log on the NetScreen-Remote vpn client:
ClientLog.txt

Image with rules of ESET SmartSecurity
gllanderas Asked:

SysExpert Commented:
Since it works in all but Win 7, I suspect the ESET SW still has Win 7 issues.

Are you running 64 bit on any of the machines?

I hope this helps!

SysExpert Commented:
Have you tried running it in XP compatibility mode and local Admin rights?

gllanderas (Author) Commented:
Thanks for your comments, SysExpert.

I did all the tests with 32-bit Windows. In fact, there is no 64-bit version of the NetScreen-Remote client.

The services of ESET and SafeNet are configured to run with Local System rights, and the logged-in user is an administrator, so I do not think that it is a privileges issue.

Tomorrow I will try your suggestion of running it in XP compatibility, I do not have the computer here at this moment.

Allvirtual Commented:
There IS a Juniper Client for 64-bit OS. NetScreen Remote client is end-of-life. The new Juniper VPN client is NCP Juniper client: http://www.ncp-e.com which operates in both 32 and 64-bit environments on all major OS such as Windows and Mac. I suggest you migrate to the new client.

gllanderas (Author) Commented:
Allvirtual, The problem with NCP Juniper client is the cost of the license: 1 license of NCP costs as much as 10 licenses of NetScreen-Remote client. Too bad that Juniper decided to stop developing it.

Now we are trying the Shrew vpn client: http://www.shrew.net/  It is free. :-)

gllanderas (Author) Commented:
SysExpert, I configured the NetScreen-Remote VPN client program to run in XP compatibility mode, but it continues to fail.

I think that it must be a problem with the ESET firewall. They changed something in the way that the program handles the network, so that even deactivating the firewall and antivirus, the VPN connection fails.

Allvirtual Commented:
True. You get what you pay for. If you ever looked at the client yourself you know why. Nobody works for free and developing software costs money. For me as a professional I am happy to pay for professional software. To answer your question, Juniper decided NCP's client is the best value for the money and I agree with this assessment. They are the leader in IPsec VPN, it's the Mercedes or Porsche or BMW of VPN 8) And yes, of course you can buy a Honda Civic and be happy, but it ain't the same.

SysExpert Commented:
Try the free ZoneAlarm or another free firewall instead of ESET perhaps (Comodo also).

gllanderas (Author) Commented:
Thanks, Allvirtual and SysExpert, but at this moment I cannot change either the VPN program or the firewall of the PC because of company policy.
So I have to keep using the old version of ESET SmartSecurity (4.0.474.0) and telling all users that they must first turn off the firewall, then do the VPN connection, and finally re-enable the firewall.

Allvirtual Commented:
How many VPN Remote Access users do you have in total? Have you ever thought about VPN/FW managed clients? That solves a ton of problems and frees IT from doing other more productive work.

gllanderas (Author) Commented:
We sold the NetScreen SSG5 firewall to (some of) our clients, and we installed the NetScreen-Remote client on the laptops, together with the ESET SmartSecurity. Now they are beginning to update the computers and to use Windows 7, so we have this compatibility problem.
It is not too many users, maybe 80, but they are from different companies.

Offering a NetScreen SSG5 firewall plus NCP implies doubling the budget, and our clients are small offices and they do not want to spend so much money, and actually they do not have 'the need' for such an investment.

As I see it, the solution will be to wait for the next version of ESET SS and see if they change the way it works so we do not have the compatibility problem. And if it continues, then we must use another local AV+Firewall, but changing all the users and licensing the product.

What do you mean by 'VPN/FW managed clients'?

Allvirtual Commented:
What I meant was to investigate the possibility of using the integrated/built-in Firewall of the NCP client instead of the ESET. Both the NCP Universal Client and the NCP Enterprise Client come with a Firewall. In the case of the Enterprise Client, which is a managed client, the firewall rules are centrally managed. But if you have smaller customers, best to go with the Universal Client. Unfortunately the NCP Juniper client does not have the Firewall integrated, only the Universal NCP Client does. You can do a 30-day trial of the Universal client. It has full functionality for 30 days. At least you know what is there.

gllanderas (Author) Commented:
It seems that there is no solution to this incompatibility, so the 'least bad' solution will be to replace the ESET SmartSecurity with another firewall.