Tag Archives: dynamic-vpn

JWEB and Dynamic VPN page

There seems to be a confusion about how JWEB and dynamic VPN authentication page are working in parallel.
I hope to give some tips I know in this post. For example, if you have the following config, what does it really mean for JWEB?

This config enforces that JWEB web service can only be served on the configured ge-0/0/0.0 and ge-0/0/1.0 interfaces. Of course if the https service is allowed on the security zone that these interfaces belong to. So far so good but what happens if you enable dynamic VPN service for which you also provide an authentication page. In that case what happens to JWEB? In this case you should look at the IKE gateway stanza. For instance if you have the following IKE gateway config;

Junos will disable JWEB on ge-0/0/1.0 interface and you will be redirected to the dynamic-vpn authentication page. What if the dynamic-vpn page itself returns a 404 not found error. In that case I would recommend you to check if you have proper configuration under “security dynamic-vpn” hierarchy. For example if you don’t have a config like below, you won’t get dynamic-vpn page but a 404 error.

I hope this helps someone out there. Of course if you see any mistake or have comments, don’t hesitate tell.