ScreenOS Firewalls (NOT SRX)
Bill_G

SSG-5 gateway not passing all addys

Slightly unusual problem, and possibly unrelated to the SSG-5. I have a 9 node system with 8 remote sites tunneling back to a prime site through the public internet. Plugging in locally to the trusted side of the prime site SSG-5, I have access to all devices on the network including the remote site trusted side devices. Using a VPN client session into the prime site from my office hours away, I have the same access to all devices except a few, and I've isolated them down to just one manufacturer. They are totally dark. However, if I start a VPN client session with any of the 8 remote sites, I can see everything including the products that were inaccessible remotely in a prime site session.



Example for clarification -

Connected locally I have addy 10.0.0.100 and I have access to all devices including 10.0.0.11 and 12.
Client session into prime site assigns me trusted addy 10.0.0.51 from the pool. 10.0.0.11 & 12 are inaccessible. All other devices are accessible.
Client session into remote site 1 assigns me trusted addy 10.0.1.51 from the pool. 10.0.0.11 & 12 are accessible.



Any thoughts are appreciated. Thank you.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.