ScreenOS Firewalls (NOT SRX)
Visitor
Shailender
Posts: 6
Registered: ‎12-22-2007

Facing issue in GRE traffic ??

Hi,

We have implemented a Netscreen firewall between 2 Cisco routers, and both Cisco routers are connected via a GRE tunnel. The Netscreen firewall passes the GRE traffic; for this we have created a policy which allows GRE traffic between these 2 Cisco devices.

We are facing a problem: when users come after 2 days to start work, they are not able to connect. For this we first have to disable the policy which passes the traffic, then we need to enable the policy which passes the GRE traffic...

I am surprised why this is happening. If anyone has faced this issue, please let me know how to resolve this issue...

Trusted Expert
Kashif-rana
Posts: 417
Registered: ‎01-29-2008

Re: Facing issue in GRE traffic ??

Hi,

- What ScreenOS are you using?

- What exactly is your policy?

- Try to make an any-any permit policy to diagnose the problem

Thanks

Kashif Rana
JNCIE-SEC, JNCIE-ENT, JNCIE-SP, JNCIS(FWV,SSL),JNCIA(IDP,AC,WX),BIG IP-F5-LTM, CCNP
----------------------------------------------------------------------------------------------------------------------------------------

Contributor
Jupiter
Posts: 15
Registered: ‎11-11-2008

Re: Facing issue in GRE traffic ??

Hi Friend,

Kindly tell us the scenario elaborately; that will help to figure out what's causing this problem.

The zones which you have made, are they the defined zones? Is there any routing protocol running in your scenario?

Regards,

Haider Ali

Visitor
Shailender
Posts: 6
Registered: ‎12-22-2007

Re: Facing issue in GRE traffic ??

Dear Friend,

We are using an ISG-2000 with ScreenOS 6.0. I am enclosing a basic diagram of our topology. We have created a policy between these zones which permits GRE traffic. All works fine during working days. The problem comes, let's say, when users come after the weekend on Monday: they are not able to connect to the intended servers. We have to manually disable the particular policy, then enable that particular policy to make it work again.
