Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  Netscreen 208 VPN Client Issue

    Posted 03-08-2013 14:29

    Everyone,

     

    First off, let me say this is the first time I have ever used a Juniper product and I am not exactly the best with it yet. I was able to follow the KB article about setting up the VPN and my client can connect; however, the client cannot access anything on the LAN side. I can ping the Netscreen's internal interface (192.168.0.1); however, I cannot ping any clients (192.168.0.100). I am sure I am missing something simple but I can't figure it out. I basically have the same configuration as this walks you through (http://kb.juniper.net/InfoCenter/index?page=content&id=KB4094). I am also brand new to VPNs.



  • 2.  RE: Netscreen 208 VPN Client Issue

    Posted 03-09-2013 09:42

    Is there a requirement to have L2TP as well?

    Can you just try IPsec?

    Regarding the ping not working, is the policy allowed for all subnets?

    Is the LAN host configured to respond to traffic coming from the client IP address?



  • 3.  RE: Netscreen 208 VPN Client Issue

    Posted 03-09-2013 17:42

    As I mentioned previously, I am brand new to VPNs. If I don't need L2TP to get this done and can simply use IPsec, I would be happy to do it. Basically I need remote clients to be able to access a server.

     

    I honestly don't know how to tell if the policy is allowed for all subnets.

    The laptop I'm trying to ping will respond to pings from clients on the same subnet.

     

    I'm sorry I'm a complete newb with this stuff.



  • 4.  RE: Netscreen 208 VPN Client Issue
    Best Answer

    Posted 03-09-2013 22:42

    Hi,

     

    You can refer to the links below to configure IPsec VPN without L2TP.
    http://kb.juniper.net/InfoCenter/index?page=content&id=KB8535 

     
    http://kb.juniper.net/InfoCenter/index?page=content&id=KB14878 


    http://kb.juniper.net/InfoCenter/index?page=content&id=KB4117 

     

    Also, the link below may help in troubleshooting:


    http://kb.juniper.net/InfoCenter/index?page=content&id=KB9276

     

    You can enable logging on the policy and check if traffic is hitting the VPN policy.
    get log traffic policy <id>


    Hope this helps.

    Thanks.
    Hardeep



  • 5.  RE: Netscreen 208 VPN Client Issue

    Posted 03-10-2013 08:06

    Thanks, I'll check these out. Would it be better to use preshared keys or IKE ID and XAuth?



  • 6.  RE: Netscreen 208 VPN Client Issue

    Posted 03-10-2013 20:17

    You can use preshared keys or certificates for authentication.

    For ike-id you can use an email address.

    XAuth is optional; as of now you can ignore it.



  • 7.  RE: Netscreen 208 VPN Client Issue

    Posted 03-12-2013 15:11

    Thank you for the information. I was able to get this working in a test bed environment; however, I have it installed in a friend's network now and am trying to connect to it using Shrewsoft VPN. When I try to connect, the VPN shows no requests or anything on it, but when I try my cell phone from the same network it gets to the Netscreen. What setting am I missing on my PC or Shrewsoft that is stopping this?

     

    Thank You

     



  • 8.  RE: Netscreen 208 VPN Client Issue

    Posted 03-12-2013 15:19

    Fixed the problem; it was the virtual adapter in Windows.