ScreenOS Firewalls (NOT SRX)
Visitor
Smurfy0815
Posts: 4
Registered: ‎04-09-2009

VPN Issue

Hello, I'm a newbie to FW + networks; I tried to configure my SSG5 to get access via the Shrew VPN client to our network.

I used the documentation (Chapter 5: Dialup Virtual Private Networks) and the client is able to establish a tunnel.

But it only connects to the IP address of our IPS and I'm not able to connect to any of the devices in our LAN!

I think there is an issue with a route or something.

Could anybody give me a hint?

Thanks

Bernd

Distinguished Expert
Screenie
Posts: 1,086
Registered: ‎01-10-2008

Re: VPN Issue

My guess is you configured a host address in the VPN policy, not a network, but it's not more than a (wild) guess.
Best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

Trusted Expert
WL
Posts: 789
Registered: ‎07-26-2008

Re: VPN Issue

Hmm, could you post the relevant config? We can take a look.

Visitor
nces
Posts: 3
Registered: ‎04-15-2009

Re: VPN Issue

Hi,

I have the exact same problem. In the meantime I've recommended that the user use NetScreen Remote, but I'm still trying to make it work.

So far I have noted the following:

1. Configuration on the Juniper side (with XAuth) is OK (at least it works with NetScreen Remote without any changes).

2. When Shrew connects, it gets an IP address from the pool;

3. Although the VPN client states that it is connected, if you do a "get sa" on the Juniper device, you find out that there is no connection...

4. No traffic logs are generated.

Any suggestions?

Trusted Expert
WL
Posts: 789
Registered: ‎07-26-2008

Re: VPN Issue

Can you check "get event"? That will usually tell you the state.

The log viewer in the NSR will also tell you more about the debugs as well.

Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008

Re: VPN Issue

Hi,

Could you share your Juniper device config and remote client config?

Try to modify your policy => policy from untrust to trust with source dial-up user, destination any, service any, and use "nat source using egress interface".

Thanks,

Indra Elkim
