Hello guys,
I have a strange problem with a VPN configuration.
I have a SITEA with an SSG5 with one interface IP (bgroup0) 10.20.130.5, and the default gateway is 10.10.130.252. The SSG5 is able to reach the network 192.168.1.0/24 using the default gateway. So there is a single interface up.
I also have a remote SITEB with the address 192.168.2.0/24 and also a Juniper that I cannot manage.
I created a VPN between SITEB and SITEA, and the only allowed traffic is from SITEB to SITEA.
The strange problem is that I can ping the network 192.168.1.0 from 192.168.2.0/24, but no other services are working.
I configured the VPN on the SSG5 in route-based mode and I created a tunnel.1 (unnumbered, interface bgroup0). I updated the routing table, adding: 192.168.2.0/24 gateway tunnel.1. I created an Auto-IKE with outgoing interface bgroup0 using a Proxy-id:
Source Network: 192.168.1.0/24, Destination Network: 192.168.2.0/24, Service: Any.
In the end I created a policy to permit the traffic from SITEB to SITEA, any service.
So the VPN is UP but if I check the log of the policy, I see that all traffic is in close age out.
To be able to have the VPN up, I also disabled Anti-Spoofing in the zone of tunnel.1 because I saw a lot of errors about that.
Could you help me find a solution?
Thank you for the help.
Pazzeo