ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
hulk
Contributor
hulk
Posts: 11
Registered: ‎06-20-2008
0
Accepted Solution

Dialup-VPN successfully connects, but the Windows VPN client cannot reach devices on the Trust side

Options

‎07-04-2008 07:54 AM

I have read through all the discussion threads and KB articles relating to troubleshooting this issue and I still am not finding the solution.  I can successfully create the IPSec tunnel and can ping the Trust side interface as a previous post indicates that this is usually no problem as the Firewall/VPN device knows how to handle this traffic.  When I am logged into the Firewall/VPN device via ssh and perform a ping test to other devices on the Trust side, I get a positive response.  What am I missing? I have added my configuration to this post.  Please have a look at this.

 

Greatly frustrated but appreciative.

 

Hulk

Attachment _cfg.txt ‏5 KB
Message 1 of 5 (6,718 Views)
 
Reply
Super Contributor
sylvain
Posts: 162
Registered: ‎12-20-2007
0

Dialup-VPN successfully connects,

[ Edited ]
Options

‎07-04-2008 01:05 PM - edited ‎07-04-2008 01:07 PM

Hi Hulk,

 

Try the following :

 

- Edit your VPN policy

- Go in advanced configuration

- Activate the source NAT with Egress Interface

Message Edited by sylvain on 07-04-2008 01:07 PM
Message 2 of 5 (6,699 Views)
 
Reply
hulk
Contributor
hulk
Posts: 11
Registered: ‎06-20-2008
0

Re: Dialup-VPN successfully connects,

Options

‎07-07-2008 05:56 AM

FAAANtastic.....not 100% sure why this is needed, but it worked and I don't care at this time to figure it out.  Someone should re-edit the steps for creating a Dial-up VPN to include this crucial step...

 

thanks a bunch

 

Hulk

Message 3 of 5 (6,630 Views)
 
Reply
Super Contributor
sylvain
Posts: 162
Registered: ‎12-20-2007
0

Re: Dialup-VPN successfully connects,

Options

‎07-07-2008 07:47 AM

Hi Hulk,

 

To be honnest, it s a workaround. I think there is a problem with the return flow in your case ( Perhaps a routing issue ).

By translating the source, all the networks think that the src ip is the Firewall ( and not the IPsec client ).  

Message 4 of 5 (6,618 Views)
 
Reply
hulk
Contributor
hulk
Posts: 11
Registered: ‎06-20-2008
0

Re: Dialup-VPN successfully connects,

Options

‎07-07-2008 09:55 AM

Fair enough, workaround or not, I am just glad to see this is working. It seems odd that there is a routing issue with such a simple setup?  Is this related to the version of ScreenOS running on the Firewall/VPN device? What is even more unsettling is that I reset the original settings back into the policy, reset the device to flush any caching and I can still see the devices on the Trust side....confusing...U bet!!!

 

 Well, I am just going to chock this up to good old FM technology,or just needed a kickstart, and leave it for now.

 

thanks again for your input

 

Hulk

Message 5 of 5 (6,600 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.