SRX Services Gateway
Visitor
Buyagift
Posts: 6
Registered: ‎02-16-2011
0
Accepted Solution

VPN connection established but no Intranet webpage

Hi

 

I now have one issue. Basically we have one SRX210 in London and three in Spain, France and Italy respectively. So basically there are three tunnel connections to the head office Juniper (London). Now we have our company intranet page. This intranet page works fine in Spain and France but not in Italy, though all three sites have a VPN connection to London (head office). I can ping the machines in Italy as well, and from Italy to the UK. The VPN connection is up for Italy as well. Just the intranet page does not display anything in Italy.

Please help me in this matter... I spent a lot of time but could not sort it out. All three sites have almost the same configuration. If you need any more info I will be happy to share.

Trusted Expert
Kashif-rana
Posts: 417
Registered: ‎01-29-2008
0

Re: VPN connection established but no Intranet webpage

Hi

 

Since it's a secure site-to-site VPN connection between your HO and the Italy remote office, the ISP cannot block the HTTP traffic. I would suspect an MTU-related problem. Are any other web services working fine from the Italy office to HO? Kindly do the below:

 

- To avoid possible fragmentation through the VPN, run the below command on the HO and your remote office SRXs

set security flow tcp-mss ipsec-vpn mss 1350

 

- If the problem persists, then enable traceoptions for the traffic on the London and Italy office SRXs and post the output of show log log-file

 

set security flow traceoptions file log-file
set security flow traceoptions flag basic-datapath
set security flow traceoptions flag packet-drops
set security flow traceoptions packet-filter pac1 source-prefix <any source ip from the ITALY office>
set security flow traceoptions packet-filter pac1 destination-prefix <Web server ip on London HO>
set security flow traceoptions packet-filter pac2 source-prefix <Web server ip on London HO>
set security flow traceoptions packet-filter pac2 destination-prefix <any source ip from the ITALY office>

 

HTH

Kashif Rana
JNCIE-SEC, JNCIE-ENT, JNCIE-SP, JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

If this post was helpful, please mark this post as an "Accepted Solution". Kudos are always appreciated!
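
Why a clamp such as 1350 keeps full-size TCP segments from fragmenting inside the tunnel while small pings still pass, as an added example that is not part of the original posts. The suite table, the function names and the 1500/1492 MTU values are assumptions for illustration; the thread does not say which IPsec proposal or link MTU the sites use.

```python
# Added example: ESP tunnel-mode overhead vs. TCP MSS (IPv4, no TCP options).
# Cipher parameters are the standard sizes; the MTU values are constructed samples.

IPV4_HDR = 20
TCP_HDR = 20
ESP_HDR = 8        # SPI + sequence number
ESP_TRAILER = 2    # pad-length + next-header bytes
NAT_T_UDP = 8      # UDP encapsulation header when NAT-T is in use

# name: (IV bytes, padding alignment, ICV bytes)
SUITES = {
    "aes-cbc/hmac-sha1-96": (16, 16, 12),
    "aes-cbc/hmac-sha256-128": (16, 16, 16),
    "3des-cbc/hmac-sha1-96": (8, 8, 12),
    "aes-gcm-16": (8, 4, 16),
}

def esp_packet_size(inner_len, suite, nat_t=False):
    """Outer IPv4 packet size after ESP tunnel-mode encapsulation."""
    iv, align, icv = SUITES[suite]
    padded = -(-(inner_len + ESP_TRAILER) // align) * align  # round up to alignment
    return IPV4_HDR + (NAT_T_UDP if nat_t else 0) + ESP_HDR + iv + padded + icv

def max_mss(path_mtu, suite, nat_t=False):
    """Largest TCP MSS whose full-size segment is not fragmented after ESP."""
    iv, align, icv = SUITES[suite]
    room = path_mtu - IPV4_HDR - (NAT_T_UDP if nat_t else 0) - ESP_HDR - iv - icv
    inner = (room // align) * align - ESP_TRAILER
    return inner - IPV4_HDR - TCP_HDR

def fits(mss, path_mtu, suite, nat_t=False):
    """True if a segment carrying `mss` bytes stays within path_mtu once encrypted."""
    return esp_packet_size(mss + IPV4_HDR + TCP_HDR, suite, nat_t) <= path_mtu

if __name__ == "__main__":
    # Plain Ethernet path, then a PPPoE-style path behind NAT (both assumed).
    for mtu, nat_t in [(1500, False), (1492, True)]:
        for suite in SUITES:
            print(f"mtu={mtu} nat_t={nat_t} {suite:24} "
                  f"max_mss={max_mss(mtu, suite, nat_t)} "
                  f"1350_ok={fits(1350, mtu, suite, nat_t)} "
                  f"1460_ok={fits(1460, mtu, suite, nat_t)}")
```

An unclamped 1460-byte MSS exceeds a 1500-byte path once ESP is added, whereas an 84-byte ping never comes close, which matches the symptom of a tunnel that pings but will not load a web page.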
Visitor
Buyagift
Posts: 6
Registered: ‎02-16-2011
0

Re: VPN connection established but no Intranet webpage

Hi Kashif,

 

How will I find the result of the command "set security flow tcp-mss ipsec-vpn mss 1350" in the CLI, so that I can copy it to the other branch offices?
