Screen OS

  • 1.  How to set trust IP as source to "Self"?

    Posted 08-11-2009 06:48

    Hi All,

     

    Here is a simple drawing of the VPN topology.

    All LANs are fully transparent to each other. The only problem: the NS5GT itself can't reach any IP across the VPN (the whole 10.0.0.0/8), and the SSG-140 can't reach any IP across the VPN (10.41.82.0/24).

    I guess the reason is that the ping doesn't have a route back to the IP address that the router chose as the source IP address of the ICMP echo request, i.e. the source IP of "Self" is the Untrust interface.

     

    The question is how to solve this matter?

    I really need the solution because the NS5GT can't send e-mail alarms, syslogs, etc.

     

    Thank you!

     



  • 2.  RE: How to set trust IP as source to "Self"?
    Best Answer

    Posted 08-11-2009 10:02

    I've found it - it was my fault 🙂 Interface Tun.1 should be bound to the Trust interface and be defined in the Untrust zone.

     

    Thanks All for reading 🙂