ScreenOS Firewalls (NOT SRX)
m.tutie

VPN using NHTB

I use an SSG550M, ScreenOS 6.2.0r5.0, Type: Firewall+VPN.

I build a VPN using NHTB.
The display is gone from the web screen when I set nearly 850 in the NHTB table.
The settings are shown by the get config command, and operation does not have any problem either.

Why can it not be displayed on the web screen?

I tried IE8, Firefox, and Opera, but it is not displayed....

aweck

Re: VPN using NHTB

What screen are you browsing to to view the NHTB?  I can see it via a web browser on a FW running 6.2r10. 

 

Network -> Interfaces -> 'edit' on tunnel.X -> 'NHTB' from Properties links on top

Juniper Elite Partner
JNCIE-ENT #63, JNCIE-SP #705, JNCIE-SEC #17, JNCIS-FWV, JNCIS-SSL
m.tutie

Re: VPN using NHTB

Hi aweck.

Thank you for your comment.

A list was displayed in the web browser when I set NHTB to about 300.

------ Extract of the config -----------------------------------------------------------
set ike p1-proposal "VPN-p1" preshare group2 esp 3des sha-1 day 1
set ike p2-proposal "VPN-P2" no-pfs esp 3des sha-1 hour 1

set ike gateway "VPN01" address 0.0.0.0 id "VPN01" Aggr outgoing-interface "ethernet0/2" preshare "XXXXXXXXXX" proposal "VPN-p1"
unset ike gateway "VPN01" nat-traversal
set ike gateway "VPN02" address 0.0.0.0 id "VPN02" Aggr outgoing-interface "ethernet0/2" preshare "XXXXXXXXXX" proposal "VPN-p1"
unset ike gateway "VPN02" nat-traversal
** Setting like a thing of following 800....... **

 

set vpn "VPN01" gateway "VPN01" no-replay tunnel idletime 0 proposal "VPN-P2"
set vpn "VPN01" id 0x1 bind interface tunnel.10
set vpn "VPN01" dscp-mark 0
set interface tunnel.10 nhtb 10.11.1.1 vpn "VPN01"
set vpn "VPN02" gateway "VPN02" no-replay tunnel idletime 0 proposal "VPN-P2"
set vpn "VPN02" id 0x2 bind interface tunnel.10
set vpn "VPN02" dscp-mark 0
set interface tunnel.10 nhtb 10.11.2.10 vpn "VPN02"
** Setting like a thing of following 800....... **

 

set vpn "VPN01" proxy-id local-ip 172.16.2.200/29 remote-ip 10.11.1.0/24 "ANY"
set vpn "VPN02" proxy-id local-ip 172.16.2.200/29 remote-ip 10.11.2.0/24 "ANY"
** Setting like a thing of following 800....... **

 

set route 10.11.1.0/24 interface tunnel.10 gateway 10.11.1.1
set route 10.11.2.0/24 interface tunnel.10 gateway 10.11.2.10
** Setting like a thing of following 800....... **

 

 

Regards,
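
Added example, not part of the thread and not Juniper code: when the WebUI cannot render a large NHTB table, the same information can be cross-checked offline from saved `get config` output. The sketch below counts NHTB entries per tunnel interface and flags entries whose VPN is bound to a different interface, and routes whose gateway has no NHTB entry. The function name `audit_nhtb`, the `VPN03` lines and the `10.11.4.0/24` route are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the style of the extract above; VPN03 and the
# 10.11.4.0/24 route are invented here to show what a mismatch looks like.
SAMPLE = '''\
set vpn "VPN01" id 0x1 bind interface tunnel.10
set interface tunnel.10 nhtb 10.11.1.1 vpn "VPN01"
set vpn "VPN02" id 0x2 bind interface tunnel.10
set interface tunnel.10 nhtb 10.11.2.10 vpn "VPN02"
set vpn "VPN03" id 0x3 bind interface tunnel.11
set interface tunnel.10 nhtb 10.11.3.1 vpn "VPN03"
set route 10.11.1.0/24 interface tunnel.10 gateway 10.11.1.1
set route 10.11.2.0/24 interface tunnel.10 gateway 10.11.2.10
set route 10.11.4.0/24 interface tunnel.10 gateway 10.11.4.1
'''

BIND = re.compile(r'^set vpn "([^"]+)" id \S+ bind interface (tunnel\.\d+)\s*$')
NHTB = re.compile(r'^set interface (tunnel\.\d+) nhtb (\S+) vpn "([^"]+)"\s*$')
ROUTE = re.compile(r'^set route (\S+) interface (tunnel\.\d+) gateway (\S+)\s*$')

def audit_nhtb(config_text):
    """Return (NHTB entries per tunnel interface, list of inconsistencies)."""
    binds, nhtb, routes = {}, {}, []
    for line in config_text.splitlines():
        line = line.strip()
        if m := BIND.match(line):
            binds[m.group(1)] = m.group(2)           # vpn name -> bound interface
        elif m := NHTB.match(line):
            nhtb[(m.group(1), m.group(2))] = m.group(3)  # (iface, next hop) -> vpn
        elif m := ROUTE.match(line):
            routes.append(m.groups())                # (prefix, iface, gateway)
    problems = []
    # Every NHTB entry must name a VPN bound to the same tunnel interface.
    for (ifname, hop), vpn in nhtb.items():
        if binds.get(vpn) != ifname:
            problems.append(f"nhtb {hop} on {ifname}: vpn {vpn} bound to {binds.get(vpn)}")
    # Every tunnel route with a gateway needs an NHTB entry for that gateway.
    for prefix, ifname, gw in routes:
        if (ifname, gw) not in nhtb:
            problems.append(f"route {prefix}: no nhtb entry for {gw} on {ifname}")
    return dict(Counter(ifname for ifname, _ in nhtb)), problems

if __name__ == "__main__":
    counts, problems = audit_nhtb(SAMPLE)
    print(counts)
    print("\n".join(problems))
```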
