Shrew VPN -> Juniper ... then.... Traffic Denied

MSUTech · ‎04-14-2009

Hello All,

We have a shrew soft vpn that appears to be working just fine..... when we look at the corresponding policy log within the Juniper SSG 520 we can see our activity.....

policy:

source:

[V1-Untrust/Dial-Up VPN]

destination:

[V1-Trust/10.1.1.0/24]

BUT.... the activity is all Traffic Denied..... (trying to do ANYTHING between any 10.1.1.* ip address)

example: pinging from 10.1.1.6 TO 10.1.1.2 gives the following policy log entry:

[datetime][source address port][destination address port][translated source][translated destin][service][duration][bytes sent][bytes received][close reason]

[11:40][10.1.1.6:25][10.1.1.2.1][0.0.0.0:0][0.0.0.0:0][ICMP][0 sec.][0][40][traffic denied]

help!

piccolo78 · ‎09-13-2009

Hi,

when the device is not in transparent mode, the zone is untrust not v1-untrust.

please also take a look , where your dial-up vpn client is terminating in whitch zone...

i can also post a working config (non transparent mode)....if you wish..

Regards

-PIccolo

MSUTech · ‎04-14-2009

We discovered that our 'randomly' created ip address grouping (behind firewall) was not defined as a vlan

Shrew VPN -> Juniper ... then.... Traffic Denied

Re: Shrew VPN -> Juniper ... then.... Traffic Denied

Re: Shrew VPN -> Juniper ... then.... Traffic Denied