Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  SSG140 and SSG5

    Posted 04-20-2010 13:10

    I have a VPN between SSG140 and SSG5. I have a computer, which connects to SSG5 and through VPN need to print within a segment of the SSG140. The SSG140 I have two segments, for example 192.168.1.0 and 192.168.2.0. The issue is that I need the computer to print to a segment of 192.168.2.0, but I can not see any team. The computers that belong to the segment 192.168.1.0 if I can see, all in their entirety. What choice do I have?

     

    Thank you very much.



  • 2.  RE: SSG140 and SSG5

    Posted 04-21-2010 04:56

    Hi Emoralesa,

     

    this question belongs in the firewall section of the forums. I've asked a mod to move it.

     

    Aside from that, could you clarify?

     

    - in what IP range is the client PC?

    - does the client connect by VPN to the SSG5 or is the SSG5 routing the traffic to the SSG140?

    - can you ping hosts in either range?

    - did you check the routing and default gw on the client, on the server (or printer)?

    - did you check the routing tables on the VRs?

    - what type are the VPN ifs? unnumbered?

     

    Thanks in advance!

    And good luck troubleshooting.



  • 3.  RE: SSG140 and SSG5

    Posted 04-21-2010 08:54

    - in what IP range is the client PC?
    The segment of the computer, the SSG5 is 192.168.1

    - does the client connect by VPN to the SSG5 or is the SSG5 routing the traffic to the SSG140?
    The SSG5 client connects via VPN to SSG140

    - can you ping hosts in either range?
    The SSG5 client, can ping a single segment of the SSG140. At first, when installing the SSG140 172.31.114.0 segment was later to increase the number of computers, was added the 172.31.115.0. Now, the client can only see 172.31.114.0 segment customers and clients can not see the segment 172.31.115.0

    - did you check the routing and default gw on the client, on the server (or printer)?
    Exactly, and that part is revised. Both teams have the correct settings.

    - did you check the routing tables on the VRs?
    Sorry, what do you mean VRs?

    - what type are the VPN ifs?

    The SSG140 IP established and dynamic SSG5

    Excuse my English.

     

    I appreciate very much your time in addressing my request.



  • 4.  RE: SSG140 and SSG5
    Best Answer

    Posted 04-21-2010 20:38

    Hi,


    Based on your answers, I would check your Policies to make sure "172.31.115.0" is permitted, especially since this was expanded after the VPN was setup.

     

    -John



  • 5.  RE: SSG140 and SSG5

    Posted 04-22-2010 12:36

    Hi,

     

    I'm with John on this one.


    You should have a route in the 140 to the SSG5 network: 192.168.x.x/24

     

    In the SSG5 a route to both of the 172 networks

     

    The ssg5 needs a policy to allow both networks out, if it doesn't fall into the any any any policy

     

    The 140 needs to allow access to both networks from the 192.168.x.x network.



  • 6.  RE: SSG140 and SSG5

    Posted 04-22-2010 12:54

    Ready, and make all the changes, the solution was excellent. Thank you very much for your support.



  • 7.  RE: SSG140 and SSG5

    Posted 04-22-2010 12:56

    Mission accomplished. Review existing policies and also take into account the other solution. I very much appreciate the time that used to support.