05-19-2009 11:08 AM
I have 2 locations with static IPs with a NS5XT on each side. They have a VPN between each other that was created by the VPN wizard. The issue I'm having is that I can ping and connect via remote desktop using IP addresses from one side (garage network of 192.168.0.0) to the other (colonial network of 192.168.1.0) but can't ping or connect from the colonial network to the garage network. Both devices have both "Trust" to "Untrust" & "Untrust" to "Trust" to the other network with the Any policy.
05-19-2009 12:13 PM
Hi,
I would make sure the VPN is up using "get sa" from the CLI. If the VPN is up, I would check to make sure the Policy is at the top (get pol from trust to untrust). If it's not, the first policy would match and your traffic might not be encrypted across the tunnel.
-John
05-19-2009 12:56 PM
Sounds like a policy issue. Can you access the firewall via CLI and show the config for both sides?
get conf | i ike
get conf | i vpn
and the policy as well.
05-20-2009 08:17 AM
Hi Guys,
Thank you for the help. The policies were at the bottom of the lists. I moved them to the top and now it seems to work. I would have never thought to move them. Thanks again.
Mike
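The policy-order problem discussed in this thread, as an added example that is not from any of the posters: a simplified first-match model (not ScreenOS code) that flags a tunnel policy sitting below a broader permit in the same zone pair. The policy IDs, the list layout and the sample addresses are constructed for illustration.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed policy list for the colonial side, in evaluation order (top first).
POLICIES = [
    {"id": 1, "from": "Trust", "to": "Untrust", "action": "permit",
     "src": net("0.0.0.0/0"), "dst": net("0.0.0.0/0")},
    {"id": 2, "from": "Trust", "to": "Untrust", "action": "tunnel",
     "src": net("192.168.1.0/24"), "dst": net("192.168.0.0/24")},
    {"id": 3, "from": "Untrust", "to": "Trust", "action": "tunnel",
     "src": net("192.168.0.0/24"), "dst": net("192.168.1.0/24")},
]

def first_match(policies, from_zone, to_zone, src_ip, dst_ip):
    """Return the first policy matching the flow, as a top-down lookup would."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for p in policies:
        if ((p["from"], p["to"]) == (from_zone, to_zone)
                and src in p["src"] and dst in p["dst"]):
            return p
    return None

def shadowed_tunnels(policies):
    """List (tunnel_id, shadowing_id) where an earlier non-tunnel policy
    in the same zone pair fully covers the tunnel policy's networks."""
    findings = []
    for i, p in enumerate(policies):
        if p["action"] != "tunnel":
            continue
        for earlier in policies[:i]:
            if ((earlier["from"], earlier["to"]) == (p["from"], p["to"])
                    and earlier["action"] != "tunnel"
                    and p["src"].subnet_of(earlier["src"])
                    and p["dst"].subnet_of(earlier["dst"])):
                findings.append((p["id"], earlier["id"]))
                break
    return findings

def move_to_top(policies, policy_id):
    """Return a new list with the given policy first (the fix from the thread)."""
    chosen = [p for p in policies if p["id"] == policy_id]
    return chosen + [p for p in policies if p["id"] != policy_id]

if __name__ == "__main__":
    print("shadowed before:", shadowed_tunnels(POLICIES))
    print("shadowed after: ", shadowed_tunnels(move_to_top(POLICIES, 2)))
```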