ScreenOS Firewalls (NOT SRX)
Contributor
MSUTech
Posts: 13
Registered: ‎04-14-2009
Accepted Solution

Shrew VPN -> Juniper ... then.... Traffic Denied

Hello All,

We have a Shrew Soft VPN that appears to be working just fine. When we look at the corresponding policy log within the Juniper SSG 520, we can see our activity.

Policy:

Source: [V1-Untrust/Dial-Up VPN]

Destination: [V1-Trust/10.1.1.0/24]

BUT the activity is all Traffic Denied (trying to do ANYTHING between any 10.1.1.* IP addresses).

Example: pinging from 10.1.1.6 to 10.1.1.2 gives the following policy log entry:

[datetime][source address port][destination address port][translated source][translated destin][service][duration][bytes sent][bytes received][close reason]

[11:40][10.1.1.6:25][10.1.1.2.1][0.0.0.0:0][0.0.0.0:0][ICMP][0 sec.][0][40][traffic denied]

Help!

Trusted Contributor
piccolo78
Posts: 108
Registered: ‎09-13-2009

Re: Shrew VPN -> Juniper ... then.... Traffic Denied


Hi,

When the device is not in transparent mode, the zone is untrust, not v1-untrust.

Please also take a look at which zone your dial-up VPN client is terminating in.

I can also post a working config (non-transparent mode) if you wish.

Regards


-PIccolo
Contributor
MSUTech
Posts: 13
Registered: ‎04-14-2009

Re: Shrew VPN -> Juniper ... then.... Traffic Denied

We discovered that our 'randomly' created IP address grouping (behind the firewall) was not defined as a VLAN.
