Screen OS

  • 1.  Policy Based VPN and MIP not working

    Posted 03-02-2009 13:12

    Hi

    I have a 5GT and I am trying to do the following.

    I configured a MIP on an Untrust interface. Then I have a policy-based VPN whose policy allows: the remote network to the MIP with any services (also tried a single port).

    When I check the log for that policy, the "Source translated and Destination translated" shows both 0.0.0.0 (I guess the firewall is somehow not doing any NAT) and in the last column it says traffic denied!

     

    Below this rule I have a deny all. I expected to see a deny there, but not in the log of a policy which has an allow statement!

     

    I am aware this sounds a bit bizarre, but any ideas?

     

    best regards

    iglu



  • 2.  RE: Policy Based VPN and MIP not working
    Best Answer

    Posted 03-02-2009 13:47
    I don't think you can combine NAT with a MIP with a policy-based VPN. In general, when you want to NAT in a VPN, the best approach is a route-based VPN with a numbered tunnel interface. Maybe you can describe the goal you want to achieve, and let us help you?


  • 3.  RE: Policy Based VPN and MIP not working

    Posted 03-04-2009 04:54

    Hi

    I have configured a route-based VPN. In addition to that, I configured the MIP on the tunnel interface.

    Everything is working fine.

     

    The reason for that was that we had to connect via VPN to a server in a network which one of our customers is already using (overlapping network).

    As described, I made a MIP on the tunnel interface.

     

    best regards

    andrea
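
The setup the thread arrives at (route-based VPN, numbered tunnel interface, MIP on the tunnel interface), sketched as ScreenOS CLI. This is an added example, not configuration posted by anyone in the thread; every name, address and the pre-shared key placeholder is constructed, and the `#` lines are annotations rather than commands.

```text
# Constructed values used below (assumptions, not from the thread):
#   192.168.1.10   real address of the server in the overlapping network
#   10.99.1.0/24   otherwise unused subnet given to the tunnel interface
#   10.99.1.10     MIP address the remote side connects to
#   10.99.2.0/24   remote network as it appears through the tunnel
#   203.0.113.1    remote VPN gateway

# Numbered tunnel interface: it needs its own IP so a MIP can live in its subnet
set interface tunnel.1 zone Untrust
set interface tunnel.1 ip 10.99.1.1/24

# MIP on the tunnel interface, translating to the real server
set interface tunnel.1 mip 10.99.1.10 host 192.168.1.10 netmask 255.255.255.255 vr trust-vr

# Route-based VPN: the VPN is bound to the tunnel interface, not to a policy
set ike gateway "gw-customer" address 203.0.113.1 main outgoing-interface untrust preshare "<PRESHARED-KEY>" sec-level standard
set vpn "vpn-customer" gateway "gw-customer" sec-level standard
set vpn "vpn-customer" bind interface tunnel.1

# Traffic towards the remote side is routed into the tunnel
set route 10.99.2.0/24 interface tunnel.1

# An ordinary permit policy (no tunnel action) references the MIP as destination;
# narrow the service from ANY to the ports the server actually needs
set address Untrust "remote-net" 10.99.2.0/24
set policy from Untrust to Trust "remote-net" "MIP(10.99.1.10)" ANY permit log
```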