10-15-2008 02:34 PM
I have a terminal that has successfully established and connected a VPN to my NetScreen firewall with an IKE user (using NetScreen Remote). However, it can only connect to network 192.168.1.x - I've been unsuccessful in trying to connect to my other networks 192.168.2.x, 192.168.3.x, etc.
Any pointers on how to proceed? Thanks!
10-15-2008 05:23 PM
What is the network and subnet mask that you have configured on your NetScreen Remote client?
If you configured 192.168.1.0/24 then it will only route the 192.168.1.0 network down the VPN. If you want to access other subnets then you need to do 192.168.0.0/16; this will send all 192.168.x.0 networks down the tunnel.
Remember you will also have to change the policy on the firewall to match the new subnet 192.168.0.0/16.
10-16-2008 06:38 AM
You need to be careful with the proxy IDs on this issue. Using a /16 should work as a solution though. Just make sure that the proxy IDs match on the firewall too.
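Added example, not part of the thread or any poster's reply: a Python check that computes the smallest single prefix covering a set of internal subnets, lists the address space that prefix exposes beyond what was requested, and compares the client and firewall proxy-ID networks. It goes beyond the /16 case in the thread; the function names, the exact-match comparison, and the 10.20.0.0/24 sample network are assumptions made for illustration.

```python
import ipaddress

def covering_supernet(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # widen by one bit and retry
    return candidate

def extra_coverage(subnets, supernet):
    """Blocks inside the supernet that nobody asked to send down the tunnel."""
    remaining = [ipaddress.ip_network(supernet)]
    for wanted in (ipaddress.ip_network(s) for s in subnets):
        kept = []
        for block in remaining:
            if block.subnet_of(wanted):
                continue                       # fully requested, drop it
            if wanted.subnet_of(block):
                kept.extend(block.address_exclude(wanted))
            else:
                kept.append(block)             # unrelated block, keep
        remaining = kept
    return sorted(remaining)

def proxy_ids_match(client_remote_net, firewall_local_net):
    """Assumed model: both ends must carry the identical network/mask."""
    return (ipaddress.ip_network(client_remote_net)
            == ipaddress.ip_network(firewall_local_net))

if __name__ == "__main__":
    wanted = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]
    tight = covering_supernet(wanted)
    print("tightest summary:", tight, "extra:", extra_coverage(wanted, tight))

    wide = extra_coverage(wanted, "192.168.0.0/16")
    print("/16 extra addresses:", sum(b.num_addresses for b in wide))

    # Constructed discontiguous case: the only single covering prefix is huge.
    print("discontiguous:", covering_supernet(["192.168.1.0/24", "10.20.0.0/24"]))

    # Client changed to /16 but firewall policy left at /24: mismatch.
    print("match:", proxy_ids_match("192.168.0.0/16", "192.168.1.0/24"))
```

Any block listed as extra coverage is reachable through the tunnel unless the firewall policy restricts it separately.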
10-16-2008 11:19 AM
10-22-2008 02:08 PM
The solution assumes you can summarize to /16. What if summarization is not desired or not possible for various reasons? I have a similar problem where I initially had one internal segment accessible. I now want another discontiguous segment to be added. When I try to add the new subnet in the policy, I get an error message "Multiple addresses/services are not supported at current stage for bidirectional VPN policy".
Any pointers on what I need to do?