SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Reply
BAJ
Visitor
Posts: 3
Registered: ‎02-11-2014
0 Kudos

Dyn VPN with SRX behind NAT Device, and Split Tunnel

Hi,

 

I'm trying to establish a Dynamic VPN which the SRX is behind a 1-to-1 NAT Device, whith Split tunnel enabled.

 

The connection is successfull, but im experiencing a weird behavior.

The internet browsing is not working, meanwhile, i'm able to ping any public IPs.

btw, i have the below dns command:

set access address-assignment pool dyn-vpn-address-pool family inet xauth-attributes primary-dns dns_ip_address

 

Any idea

 

Thank you

Highlighted
Distinguished Expert
Posts: 5,122
Registered: ‎03-30-2009
0 Kudos

Re: Dyn VPN with SRX behind NAT Device, and Split Tunnel

I think you are saying that you can ping internet ip addresses but that your web browsing is not working.

 

This would indicate that the DNS server is not working for your connection.  You can confirm this by doing some manual nslookup commands while connected to the vpn.

 

Make sure your configured dns server is reachable to your pool address.  And there are security policies in place that permit the connection to the DNS server.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
BAJ
Visitor
Posts: 3
Registered: ‎02-11-2014
0 Kudos

Re: Dyn VPN with SRX behind NAT Device, and Split Tunnel

It worked,

one of the internal network is 192.168.8.x and it was added to the protected network.

this range overlap with my 4G modem DHCP, i changed them and it worked fine.

 

Thank you