Screen OS

  • 1.  IPsec tunnels in a series

    Posted 04-21-2010 10:39

    Hi,

     

    I have three locations connected in a series, like a chain, divided with SSG5 firewalls. I have set up IPsec tunnels between location1 and loc2 and between loc2 and loc3 and they are both functioning. I have also added static routes to subnet 3 on SSG5 No1 and vice versa. However, I can't reach location 3 from location 1. Do I have to make a new tunnel from location 1 to 3 or is it supposed to work as it is and I need to change something with the routing?

     

    Thanks a lot!



  • 2.  RE: IPsec tunnels in a series
    Best Answer

    Posted 04-21-2010 14:54

    Do you have intrazone policies in place in the "in between" firewall? I mean, when your tunnel ints are in untrust, the firewall in the middle should allow traffic from untrust to untrust.



  • 3.  RE: IPsec tunnels in a series

    Posted 04-22-2010 03:35

    Yeah, that was the problem. 🙂 The Untrust Zone on the SSG in the middle had the "block intra-zone traffic" set. Works like a charm now. 😉


    Thanks Screenie!
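
The cause found in this thread can be checked for in a saved configuration. The following is an added example, not part of the original posts: it flags zones where two or more tunnel interfaces share a zone that has intra-zone blocking set and no permit policy from that zone to itself. It assumes `get config`-style lines with quoted names, the sample configuration is constructed, and it does not inspect policy addresses or services.

```python
import re
from collections import defaultdict

# Constructed sample in the style of ScreenOS "get config" output for the
# middle firewall; not taken from the thread.
SAMPLE_CONFIG = """\
set zone "Untrust" block
set interface "ethernet0/0" zone "Untrust"
set interface "tunnel.1" zone "Untrust"
set interface "tunnel.2" zone "Untrust"
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
"""

ZONE_BLOCK = re.compile(r'^(un)?set zone "([^"]+)" block\s*$')
TUNNEL_ZONE = re.compile(r'^set interface "(tunnel\.\d+)" zone "([^"]+)"')
POLICY = re.compile(r'^set policy .*\bfrom "([^"]+)" to "([^"]+)" .*\bpermit\b')


def blocked_transit_zones(config):
    """Map zone -> tunnel interfaces for zones where tunnel-to-tunnel traffic
    is dropped: intra-zone block is set, at least two tunnel interfaces are
    bound to the zone, and no permit policy goes from the zone to itself."""
    blocked, intra_permit = set(), set()
    tunnels = defaultdict(list)
    for raw in config.splitlines():
        line = raw.strip()
        if m := ZONE_BLOCK.match(line):
            # "unset zone ... block" later in the file clears the flag.
            (blocked.discard if m.group(1) else blocked.add)(m.group(2))
        elif m := TUNNEL_ZONE.match(line):
            tunnels[m.group(2)].append(m.group(1))
        elif (m := POLICY.match(line)) and m.group(1) == m.group(2):
            intra_permit.add(m.group(1))
    return {zone: ifaces for zone, ifaces in tunnels.items()
            if zone in blocked and len(ifaces) >= 2 and zone not in intra_permit}


if __name__ == "__main__":
    for zone, ifaces in blocked_transit_zones(SAMPLE_CONFIG).items():
        print(f"{zone}: intra-zone block drops traffic between {', '.join(ifaces)}")
```

Of the two ways to clear the finding, an explicit intra-zone policy scoped to the two remote subnets is narrower than turning off blocking for the whole zone, which also permits other traffic between interfaces in that zone.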