ScreenOS Firewalls (NOT SRX)
Visitor
TipPeru
Posts: 2
Registered: ‎10-15-2008
Accepted Solution

Need Dialup VPN to access different network segments

I have a terminal that has successfully established and connected a VPN to my netscreen firewall with IKE user (using netscreen remote). However it can only connect to network 192.168.1.x - I've been unsuccessful in trying to connect to my other networks 192.168.2.x, 192.168.3.x, etc.

Any pointers on how to proceed? Thanks!

Trusted Expert
AndyC
Posts: 441
Registered: ‎07-08-2008

Re: Need Dialup VPN to access different network segments

Hi,

What is the network and subnet mask that you have configured on your netscreen remote client?

If you configured 192.168.1.0/24 then it will only route the 192.168.1.0 network down the VPN. If you want to access other subnets then you need to do 192.168.0.0/16; this will send all 192.168.x.0 networks down the tunnel.

Remember you will also have to change the policy on the firewall to match the new subnet 192.168.0.0/16.

Regards

Andy

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER
Trusted Contributor
Arkus
Posts: 70
Registered: ‎02-11-2008

Re: Need Dialup VPN to access different network segments

Hi TipPeru,

You need to be careful with the proxy IDs on this issue. Using a /16 should work as a solution though. Just make sure that the proxy-IDs match on the firewall too.

Regards,

A.
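
An added example, not part of any post in this thread: a Python check of which of the subnets from the first post a given client remote-network setting covers, what the tightest single summary prefix would be, and how many addresses beyond the needed subnets a summary sends down the tunnel. The function names are hypothetical, the 10.20.0.0/24 segment is constructed, and treating a proxy-ID match as "both ends name the identical network" is an assumption.

```python
import ipaddress

# Subnets the dial-up user in this thread wants to reach (from the first post).
NEEDED = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]

def covered(client_remote_net, subnets):
    """Map each subnet to True if the client's remote-network setting includes it."""
    selector = ipaddress.ip_network(client_remote_net)
    return {s: ipaddress.ip_network(s).subnet_of(selector) for s in subnets}

def smallest_summary(subnets):
    """Tightest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()  # widen by one bit; /0 always terminates
    return summary

def extra_addresses(summary, subnets):
    """Addresses the summary sends down the tunnel beyond the needed subnets."""
    summary = ipaddress.ip_network(summary)
    nets = ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets)
    needed = sum(n.num_addresses for n in nets if n.subnet_of(summary))
    return summary.num_addresses - needed

def proxy_ids_match(client_remote_net, firewall_policy_net):
    """Assumption: both ends must name the identical network, in any notation."""
    return (ipaddress.ip_network(client_remote_net)
            == ipaddress.ip_network(firewall_policy_net))

if __name__ == "__main__":
    for candidate in ("192.168.1.0/24", "192.168.0.0/16"):
        print(candidate, covered(candidate, NEEDED))
    tight = smallest_summary(NEEDED)
    print("tightest summary:", tight, "extra:", extra_addresses(tight, NEEDED))
    print("/16 extra:", extra_addresses("192.168.0.0/16", NEEDED))
    # Constructed discontiguous case (10.20.0.0/24 is a made-up segment).
    print("discontiguous:", smallest_summary(["192.168.1.0/24", "10.20.0.0/24"]))
```

A summary wider than the needed subnets also widens what the matching firewall policy permits, so the extra-address count is worth reviewing before settling on a prefix.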

Visitor
TipPeru
Posts: 2
Registered: ‎10-15-2008

Re: Need Dialup VPN to access different network segments

Thanks! My local support company couldn't figure this one out for 6 weeks now! I myself have had to learn and read manuals upon manuals, trying out different approaches... thank you very much!
New User
DanT
Posts: 1
Registered: ‎10-22-2008

Re: Need Dialup VPN to access different network segments

Hi all,

The solution assumes you can summarize to /16. What if summarization is not desired or not possible for various reasons? I have a similar problem where I initially had one internal segment accessible. I now want another discontiguous segment to be added. When I try to add the new subnet in the policy, I get an error message "Multiple addresses/services are not supported at current stage for bidirectional VPN policy".

Any pointers on what I need to do?

Thanks,

/Dan

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.