Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Netscreen remote VPN client/SSG320 - How to enable split tunneling with access to the local subnet

    Posted 06-15-2009 14:58

    Hey guys, 

     

    I am trying to configure my SSG320 and NetScreen remote vpn client to do Split Tunneling with access to the local subnet. Basically I want the same feature included on the Network Connect feature on the SA's.

     

    Is this possible I didn't see an option in the client does this have to be done on the ScreenOS config?

     

    Thanks 



  • 2.  RE: Netscreen remote VPN client/SSG320 - How to enable split tunneling with access to the local subnet
    Best Answer

    Posted 06-15-2009 15:40

    Hi,

     

    Unless you're using an old NSR version, split tunneling is enabled by default (see link).  However, I feel there are limitations with NSR that make the SA Network Connect option a lot better.  The main restriction is you can only specify one contigous subnet to be d per for tunneling per VPN using My Connections, Remote Party Identity and Addressing.  In the SA, you can specify multiple subnet as needed.  Also, unless you create a Route Based dial-up VPN, you can't route traffic from the client to a spoke via a hub like you can with the SA.  I hope this helps.

     

    http://kb.juniper.net/index?page=content&id=KB5794&actp=search&searchid=1245105207799

     

    -John



  • 3.  RE: Netscreen remote VPN client/SSG320 - How to enable split tunneling with access to the local subnet

    Posted 06-15-2009 16:29

    Thanks John, 

     

    I totally agree I had everything working on the Network Connect but the problem is budgets 😞