Connecting to the Remote Access Server for the First Time (Pre-IKE Phase)

To establish a secure VPN tunnel from the user’s computer to the remote access server, the user must first authenticate into the server and download the client-side files as follows:

1. The user accesses the server’s URL.

   The user navigates to the https://<serverhost>/dynamic-vpn URL through a Web browser. This URL directs the user to the dynamic VPN login page on the remote access server.

2. The user signs into the server.

   The user enters the appropriate username and password into the login page, and the remote access server sends them to the authentication server for validation.

3. The server retrieves a client configuration.

   Once the server determines that the user has successfully authenticated, the server determines which client configuration to use when creating a secure VPN tunnel. The configuration includes an IKE ID for the user (such as johndoe.yourcompany.com), a Phase 1 security key, and a generated token to establish eligibility for future client downloads.

4. The server downloads the setup client to the user’s computer.

   The server downloads the setup client to the user’s computer. The server downloads the setup client (along with the client version information, client initialization parameters, and client VPN configuration parameters) to the user’s computer:

   • If the user is using Internet Explorer with Active-X enabled, the remote access server downloads an Active-X setup client to the user’s computer.
   • Otherwise, if the user is using a Web browser with Java enabled, the remote access server downloads an Java setup client to the user’s computer.
   • If the user does not have Active-X or Java enabled, the server presents a download page to the user, enabling the user to manually download the setup client.
5. The setup client checks that the user has administrator privileges.

   Once the server has successfully downloaded the setup client to the user’s computer, the setup client checks that the user has the proper rights to install a new client. (Administrator privileges are required only to install the client, but not to upgrade it.)

6. The setup client installs Access Manager.

   The setup client installs Access Manager on the user’s computer. The user is prompted to restart the computer to finish the installation.

Once the Access Manager client is successfully launched, the user can initiate a secure VPN connection to the remote access server from Access Manager.

You can also download the latest version of the Access Manager client from the Juniper Networks Support site. The user can connect to the remote access server and initiate a client download before you have finished configuring the dynamic VPN feature. In this case, the user can still authenticate into the server, but cannot establish a secure VPN tunnel.

Related Topics

• Junos OS Feature Support Reference for SRX Series and J Series Devices
• Dynamic VPN Configuration Overview
• Understanding the Dynamic VPN and Access Manager User Experience
• Connecting to the Remote Access Server for Subsequent Sessions (Pre-IKE Phase)
• Establishing an IPsec VPN Tunnel (IKE Phase)