•
On SRX100 Low Memory, SRX100 High Memory, SRX210 Low Memory, SRX210 High
Memory, SRX240 High Memory, and SRX650 devices, the Link Layer Discovery Protocol
(LLDP) organization-specific Type Length Value (TLV), medium attachment unit
(MAU) information always propagates as Unknown. [PR/480361]
•
On SRX100 High Memory devices and SRX210 Low Memory devices, dot1x
unauthenticated ports accept Link Layer Discovery Protocol (LLDP) Protocol Data
Units (PDUs) from neighbors. [PR/485845]
•
For SRX210 High Memory devices, during configuration of access and trunk ports, the
individual VLANs from the vlan-range are not listed. [PR/489872]
•
On SRX100, SRX210, SRX220, SRX240, SRX650, and all J Series devices, the IRB
(VLAN) interface cannot be used as the underlying interface for Point-to-Point Protocol
over Ethernet (PPPoE). [PR/528624]
VPNs
•
On SRX210 and SRX240 devices, concurrent login to the device from different
management systems (for example, laptop or desktop computers) is not supported.
The first user session is diconnected when a second user session is started from a
different management system. Also, the status for the first user system is displayed
incorrectly as Connected. [PR/434447]
•
On SRX Series and J Series devices, the site-to-site policy-based VPNs in a 3 or more
zone scenario will not work if the policies match the address “any” instead of specific
addresses, and all cross-zone traffic policies point to the single site-to-site VPN tunnel.
As a workaround, configure address books in different zones to match the source and
destination, and use the address book name in the policy to match the source and
destination. [PR/441967]
•
On SRX100, SRX210, SRX240, and SRX650 devices, Routing Engine level redundancy
for dynamic VPN fails because the tunnels need to renegotiate after RG0 failover.
[PR/513884]
•
On SRX100, SRX210, SRX240, and SRX650 devices, the dynamic VPN server always
pushes the last configured dynamic client configuration to the client. If the VPN
configuration bound to this dynamic VPN client is not bound to a policy, IKE negotiation
fails when you try to connect to the server. [PR/514033]
•
On SRX100, SRX210, SRX240, and SRX650 devices, the dynamic VPN client is not
downloaded if there is not enough space in the /jail/var directory in the dynamic VPN
server. [PR/515261]
•
On SRX100, SRX210, SRX240, and SRX650 devices, the IRB (VLAN) interface cannot
be used as the underlying interface for Point-to-Point Protocol over Ethernet (PPPoE).
[PR/528624]
•
On SRX3400 and SRX3600 devices, the VPN monitor status in the DEP server side
stays down for some time after RG0 and RG1 failover because there is no active state
sync up for VPN monitoring. [PR/532952]
Copyright © 2010, Juniper Networks, Inc.160
JUNOS OS 10.4 Release Notes
To Next Page
Loading...