Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  SSG140 VPN to CISCO 3030

    Posted 10-29-2009 11:31

    I am trying to route VPN traffic from an SSG140 to a Cisco 3030 using external IPs.

    Cisco:

    Peer 1.1.1.1

    VPN access 2.2.2.0 / 24

     

    Juniper

    Peer 3.3.3.1

    VPN access 3.3.3.32 / 29 (This is our external IP)

     

    The VPN IKE tunnel is set up on Juniper using a proxy ID for Local as 3.3.3.32/29 and remote as 2.2.2.0/24 and the tunnel appears to be working at both ends (Phase 1 and 2 says completed!), but I cannot access the web servers on the Cisco side (i.e. 2.2.2.10). The Cisco side is set up by an external company allowing us access to their systems and they do not use the "Trust" side of the network for connecting through the VPN tunnel.

     

    1. How do I route 3.3.3.32 traffic destined to 2.2.2.0 using the VPN tunnel?

    2. Do I set up the VPN tunnel on Juniper to use MIP?

     

    Thanks in advance.

     



  • 2.  RE: SSG140 VPN to CISCO 3030

    Posted 10-30-2009 06:58

    Could you draw a simple diagram of the network?

     

    If I understand this correctly, then you are using policy VPN on the SSG side; if the traffic is matching the policy, it will be sent through the VPN to the Cisco.

     

    You can see what policy the packets are matching using "debug flow basic"

    http://kb.juniper.net/KB12208

     

    /m



  • 3.  RE: SSG140 VPN to CISCO 3030
    Best Answer

    Posted 10-30-2009 10:19

    Adding to the above update, please also provide the following with debug:

    get ike coo

    get sa

    get sa a

     

    Thanks

    Atif
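
A capture sequence for the `debug flow basic` step and the `get` commands requested in the replies above, written as an added example that is not part of the original thread. The test host 3.3.3.33 is an assumed address inside the 3.3.3.32/29 range, 2.2.2.10 is the web server named in the question, and lines starting with `#` are annotations, not commands to type.

```text
# Limit the debug to the flow under test, in both directions.
# 3.3.3.33 is an assumed host in 3.3.3.32/29 (not taken from the thread).
set ffilter src-ip 3.3.3.33 dst-ip 2.2.2.10
set ffilter src-ip 2.2.2.10 dst-ip 3.3.3.33
get ffilter

# Empty the debug buffer, then start flow debugging.
clear dbuf
debug flow basic

# Generate traffic to 2.2.2.10 from the test host now, then stop debugging.
undebug all

# Read the buffer: check which policy the packet matched and whether
# it was handed to the VPN tunnel or forwarded in the clear.
get dbuf stream

# IKE and IPsec SA state, commands exactly as posted in the thread.
get ike coo
get sa
get sa a

# Remove the two filters (one per execution); confirm with get ffilter.
unset ffilter
unset ffilter
get ffilter
```

Run the capture from a console or management session that is not itself matched by the filters, and leave debugging off once the buffer has been read.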



  • 4.  RE: SSG140 VPN to CISCO 3030

    Posted 04-04-2013 06:42

    Thank you for your help. The debug commands clued me into the problem.