04-17-2017 08:15 PM - edited 04-17-2017 08:17 PM
I have a VPN box on a separate VLAN (you can see it in the config I attached) connected to an OpenVPN box that is dedicated for this. It is listening on the right port, I have the config right, the client configs are right, and they are attempting to connect to the right place. I see translation hits in the log to the right port, but nothing is showing up on tcpdump or anywhere else on the VPN box. I only have one external IP address, so I am just using a port to determine that it is VPN traffic.
Can someone please look at this and see what the heck I am doing wrong?
I should mention, this is for remote users to connect to my home network from hotel wireless, cafes, etc. that I don't trust, on my phone, tablet, laptop, etc.
04-22-2017 05:39 AM
From the configuration it looks like you are missing the security policy to permit the inbound VPN traffic. It looks like you may have both the zone names mismatched and the addresses used in the policies incorrect, but I'm not positive that both are wrong.
Basically, you write the security policy from the internet zone to the translated address zone, not the NAT address, as I think you are doing in your config. Here is the example:
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6 ACE PanOS 7
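An illustration of the point made in the answer above, added here as an example and not taken from either poster's configuration: a destination NAT rule on the untrust interface forwards the OpenVPN port to the server on the VPN VLAN, and the security policy is then written from the untrust zone to the zone that holds the server, matching the server's real (post-NAT) address rather than the public IP. Zone names (`untrust`, `vpn-vlan`), the server address `10.10.10.5`, and the OpenVPN port `1194/udp` are all assumed values for the example; substitute your own.

```junos
## Added example, not the original poster's config. Assumed values:
## untrust = internet-facing zone, vpn-vlan = zone of the OpenVPN server,
## 10.10.10.5 = OpenVPN server on the VPN VLAN, 1194/udp = OpenVPN port.
applications {
    application openvpn-udp {
        protocol udp;
        destination-port 1194;
    }
}
security {
    zones {
        security-zone vpn-vlan {
            address-book {
                /* the translated (real) address the policy must reference */
                address openvpn-server 10.10.10.5/32;
            }
        }
    }
    nat {
        destination {
            pool openvpn-pool {
                address 10.10.10.5/32 port 1194;
            }
            rule-set from-internet {
                from zone untrust;
                rule openvpn-in {
                    match {
                        /* single dynamic public IP: match any destination,
                           and key on the port/protocol instead */
                        destination-address 0.0.0.0/0;
                        destination-port 1194;
                        protocol udp;
                    }
                    then {
                        destination-nat {
                            pool {
                                openvpn-pool;
                            }
                        }
                    }
                }
            }
        }
    }
    policies {
        /* from the internet zone TO the zone of the translated address,
           matching the server's real address, not the public NAT address */
        from-zone untrust to-zone vpn-vlan {
            policy allow-openvpn {
                match {
                    source-address any;
                    destination-address openvpn-server;
                    application openvpn-udp;
                }
                then {
                    permit;
                }
            }
        }
    }
}
```

Destination NAT is evaluated before the policy lookup, which is why the translation-hit counters can increment while the session is still dropped: the policy that gets consulted is `untrust` to `vpn-vlan`, and it has to match `10.10.10.5`, not the public address. Limiting the policy to the single application and the single server address keeps the exposure to that one service.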