SSL VPN
Reply
Trusted Contributor
NatashaW
Posts: 56
Registered: ‎06-13-2012
0
Accepted Solution

Access to network range

Hi Guys,

 

I am trying to allow Putty access through WSAM to my network switch range for a third party. While it allows the Putty connection if I add in a specific IP address (example 10.1.2.3), if I change the resource profile WSAM destination to 10.0.0.0 or to 10.0.0.0/8, it doesn't allow any Putty connection.

 

Does anyone have any ideas?

 

Thanks

 

Natasha

Moderator Moderator
Moderator
ruc
Posts: 231
Registered: ‎11-06-2007
0

Re: Access to network range

Strange. This is simple and should work. The first thing I would check is if you have the option "Create an access control policy allowing SAM access to these servers" in the resource profile is  checked. Next I would manually check the ACL under Resource Policies > SAM or do a quick policy trace to see if ACL's are an issue.

Trusted Contributor
NatashaW
Posts: 56
Registered: ‎06-13-2012
0

Re: Access to network range

Hi, Thank you for the reply. I have checked the above and I can confirm I have them configured. After running a policy trace, it came back with 'No Auto Allow resources configured'. I would have thought that the 10.0.0.0 access would have allowed for anything within that range? It really is a strange one. I might log it with JTAC and see if they have any answers.

 

Thank you for your help.

 

Natasha

Contributor
RexPGP
Posts: 145
Registered: ‎05-04-2009
0

Re: Access to network range

is not 10.0.0.0 or 10.0.0.1 special in Cisco like default

Recognized Expert
jayLaiz
Posts: 416
Registered: ‎11-25-2009
0

Re: Access to network range

Hi Natasha,

 

did you try creating a client application WSAM profile instead of WSAM destination and test, file name will be putty.exe

 

Regards,

Jay

Trusted Contributor
NatashaW
Posts: 56
Registered: ‎06-13-2012

Re: Access to network range

Hi, thank you for the responses. I logged the issue with JTAC and they said that its not possible to allow access to a range of IP's, only specific IP's or servers. Since I have over 500 devices, I put in *.*:* and that has given the third party Putty access. Its a little insecure, but it works for now.

 

Many thanks again for your help.

 

Natasha

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.