Screen OS

  • 1.  VPN Hub and Spoke

    Posted 06-12-2012 03:50

    Dear All.

     

    I have a problem with VPN hub and spoke.

    I have configured VPN hub and spoke, and traffic from spoke to hub has no problem,

    but the traffic from Hub to Spoke cannot pass through. The policy is already any to any, and routing from hub to spoke is already using the tunnel interface.

     

    Is there any configuration that I missed?

     

    Thanks before.

     

    Roy

     



  • 2.  RE: VPN Hub and Spoke

    Posted 06-12-2012 12:56

    Check your spoke policies, also try pinging out to the spoke with your trusted interface as the source.



  • 3.  RE: VPN Hub and Spoke

    Posted 06-12-2012 19:01

    The spoke has no policy; it is just a modem + router. The strange thing is that when I try to ping from the client behind the Hub to the client behind the spoke, I don't see any traffic going out when I check the policy log on the Hub.

     

    Meanwhile, the zone for the tunnel is the zone I chose for the policy for this traffic, and the routing for the client behind the spoke is already set to the tunnel interface... any clue?



  • 4.  RE: VPN Hub and Spoke

    Posted 06-13-2012 01:41

    Hi,

     

    Can you share the configuration on both sides?

    A debug can be tried on the HUB side to confirm if it is routing the packets as desired.

     

    Thanks.

    Hardeep



  • 5.  RE: VPN Hub and Spoke
    Best Answer

     
    Posted 06-13-2012 06:44

    If you are not seeing any traffic in the policy log then that is probably where the issue is.

     

    Have you got the "from" and "to" zones correct? If you have created a separate zone then this could be the issue.



  • 6.  RE: VPN Hub and Spoke

    Posted 06-14-2012 00:23

    Hi,

     

    Are the tunnel routes active (marked with *) when you display them with get route?