ScreenOS Firewalls (NOT SRX)
Contributor
Mangapuly
Posts: 47
Registered: ‎09-27-2009
0
Accepted Solution

VPN Hub and Spoke

Dear all,

I have a problem with a VPN hub and spoke.

I have configured VPN hub and spoke, and traffic from spoke to hub has no problem, but the traffic from hub to spoke cannot pass through. The policy is already any to any, and the routing from hub to spoke is already using the tunnel interface.

Is there any configuration that I missed?

Thanks in advance.

Roy


Contributor
ed_gpc
Posts: 196
Registered: ‎09-21-2010
0

Re: VPN Hub and Spoke

Check your spoke policies; also try pinging out to the spoke with your trusted interface as the source.

Contributor
Mangapuly
Posts: 47
Registered: ‎09-27-2009
0

Re: VPN Hub and Spoke

The spoke has no policy; it is just a modem + router. The strange thing is that when I try to ping from the client behind the hub with the destination being the client behind the spoke, I don't see any traffic go out when I check the policy log on the hub.

Meanwhile, the zone for the tunnel is the zone I chose for the policy for this traffic, and the routing for the client behind the spoke is already set to the tunnel interface... any clue?

Recognized Expert
Sahota
Posts: 484
Registered: ‎03-15-2012
0

Re: VPN Hub and Spoke

Hi,

Can you share the configuration on both sides?

A debug can be tried on the HUB side to confirm if it is routing the packets as desired.

Thanks.

Hardeep

Contributor
adgwytc
Posts: 81
Registered: ‎08-09-2010
0

Re: VPN Hub and Spoke

If you are not seeing any traffic in the policy log then that is probably where the issue is.

Have you got the "from" and "to" zones correct? If you have created a separate zone then this could be the issue.

Distinguished Expert
echidov
Posts: 858
Registered: ‎11-02-2009
0

Re: VPN Hub and Spoke

Hi,

Are the tunnel routes active (marked with *) when you display them with get route?

Kind regards,
Edouard