ScreenOS Firewalls (NOT SRX)
Reply
JS
Contributor
JS
Posts: 14
Registered: ‎10-22-2008
0

Mobile VPN with SSG not being default gateway.

Hi

 

I would like to set up a SSG5 to be a VPN-gateway, but not default GW. That would be easiest if the VPN-clients would be represented with an internal ip-adresse (like with SA's or MS-VPN).

Can that be done?

 

An alternative could be to give then an ip-adresse from a known range and then set up static routes on the server, for that.

I have tried the last solution by using xauth, but it does not seem to work.

 

If I change the default gateway of a server I can get traffic trought, but I just enter a static router I will not.

If I traceroute to the address range of the vpn-clients from the server it does get routed corectely.

 

Can anyone help me find the best sollution (now I can't get permission to buy a SA)?

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.