ScreenOS Firewalls (NOT SRX)
Visitor
shivaboodoo
Posts: 6
Registered: ‎08-18-2009

VPN MIP

Hi, I have set up a VPN between both sites (SSG50 and SSG5). They have overlapping subnets, so I used MIP. The VPN is connecting fine, but when I try to ping the LAN connected to E0/0 that is connected to SSG5 (i.e. MIP address 10.4.0.0/21 to 10.1.0.0) I don't get a reply. I can only ping the interface e0/0 MIP IP 10.4.2.231 (i.e. 10.1.2.231). Any suggestions? NB: I can ping any address from the SSG50 MIP, but I cannot ping any MIP IP from the ssg20.

 

 

Distinguished Expert
Screenie
Posts: 1,081
Registered: ‎01-10-2008

Re: VPN MIP

The outbound traffic will be hit by any any any permit or something. For inbound you need to write a policy with the MIP as destination. Did you forget this maybe?

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Visitor
shivaboodoo

Re: VPN MIP

Hi, thanks for the reply. I did not forget to put a policy for the MIP. When I check the log for the policy, the IPs are being translated, i.e. from 10.4.0.0/21 to 10.1.0.0/21, but the packet is being dropped from creation and not being forwarded.
Distinguished Expert
Screenie

Re: VPN MIP

You mean you see creation in the policy log, that's good! What is the close reason for the session?
best regards,

Screenie.
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.