Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  Route based /Policy Based VPN configuration on screenos

    Posted 08-07-2014 12:33

    Has anyone configured a route-based or policy-based client VPN on ScreenOS with allowed access on specific ports only? I have attached a screenshot of what I had configured and it works, but when I change the service to only allow TS and RDP or any specific ports, it fails. Is there something that I'm missing or have misconfigured? I am configuring my VPN as it is documented here: http://kb.juniper.net/InfoCenter/index?page=content&id=KB15075

    Attachment(s): VPNTest.docx (22 KB)


  • 2.  RE: Route based /Policy Based VPN configuration on screenos

    Posted 08-07-2014 12:50

    You can only define a single service.  If you define multiple, it sets the proxy-id to any.



  • 3.  RE: Route based /Policy Based VPN configuration on screenos
    Best Answer

    Posted 08-07-2014 12:55

    One way around this is to configure a policy for each port.

    Same idea as http://kb.juniper.net/InfoCenter/index?page=content&id=KB12959, but instead of different subnets, it will be different port numbers.

    Net result will be 1 phase1 SA, then multiple phase2 SAs.

    As Bob mentions, you can configure just one port per policy, otherwise the service portion of the proxy-id will change to 'any'.

    Hope this helps.

    Regards,

    Sam