Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  What is webui Objects>Addresses>List ?

    Posted 11-30-2010 11:04

    I need to reproduce this function in OS 6.2. It is step 5 in this FAQ.

    http://kb.juniper.net/kb/documents/public/VPN/L2TP_Configuration_wo_IPSec.pdf.

     

    TIA!



  • 2.  RE: What is webui Objects>Addresses>List ?
    Best Answer

    Posted 11-30-2010 14:05

    The other path for this option is:

     

    Policy -- Policy Elements -- Addresses -- List



  • 3.  RE: What is webui Objects>Addresses>List ?

    Posted 11-30-2010 14:52

    Thanks a ton. I am setting up a Win 7 VPN L2TP w/o IPSEC. The native client connects fine and has a pool IP address. The problem is I cannot access network servers from the VPN. The setup is the FAQ mentioned in the first post. TIA again.

     

    -JS



  • 4.  RE: What is webui Objects>Addresses>List ?

    Posted 11-30-2010 17:16

    Once you're connected and getting an IP from the pool, have you verified the route to the remote network goes over the L2TP connection?

     

    Try running a "route print" from the command prompt and check the results.

     

    Also, I assume the interface that you're terminating the connection on is in the Untrust zone and your internal network is in the Trust zone?  Maybe double-check the untrust->trust policy to make sure your IP pool for your clients is allowed through.

     



  • 5.  RE: What is webui Objects>Addresses>List ?

    Posted 11-30-2010 18:12

    Thanks for the reply. I have an odd route entry. The pool IP has the untrust public IP as the gateway to the private LAN. Policy looks good to me. (Identical to the KB link mentioned earlier). Ideas where to look where L2TP is picking up the odd route? TIA!

     

    -JS



  • 6.  RE: What is webui Objects>Addresses>List ?

    Posted 11-30-2010 20:11

     


    @SSG5NooB wrote:

    Thanks for the reply. I have an odd route entry. The pool IP has the untrust public IP as the gateway to the private LAN. Policy looks good to me. (Identical to the KB link mentioned earlier). Ideas where to look where L2TP is picking up the odd route? TIA!


     

    What do you mean by "odd route?"  Could you post the results of the "route print" command?

     



  • 7.  RE: What is webui Objects>Addresses>List ?

    Posted 11-30-2010 20:22

    I really appreciate the assist. I've looked at it so many times, I am losing focus. 🙂 192.168.21.0 is the private LAN, 192.168.21.211 is the pool IP. TIA!

     

    -JS

    Attachment: rp.txt (1 KB)


  • 8.  RE: What is webui Objects>Addresses>List ?

    Posted 12-01-2010 03:38

    A few questions:

     

    Does your setup have the connection showing active, as indicated by the firewall and Windows computer commands on page 22 of your PDF setup document?

    This is sort of the reality check that the connection exists.

     

    Are the server resources your client is trying to access in the same subnet that you are connected to as the ip pool?

    192.168.21.0/24

     

    If the servers are not in this segment, you need to add a route on the PC for those addresses pointing at the L2TP gateway from above.



  • 9.  RE: What is webui Objects>Addresses>List ?

    Posted 12-01-2010 08:00

    Thanks to all for the assist. I should have mentioned I am working with the same subnet. I have attached CLI and ipconfig info. The PC L2TP adapter has no gateway.

     

    JS

    Attachment: getl2tp.txt (769 B)


  • 10.  RE: What is webui Objects>Addresses>List ?

    Posted 12-01-2010 15:40

    Well, I've never configured L2TP, so I don't know what this is supposed to work like.  But I notice the L2TP address in both your configuration and the example is a /32 single host mask.  So this means Windows does not know about the rest of that /24 subnet from the raw information on the interface itself.

     

    I'm thinking you need to install a route on the Windows box to the remote network via your L2TP interface. You'll need to google L2TP routing and your Windows version to see how this is supposed to work.

     

    Here is a thought if you want to just try and hack this together.  The command below adds a temporary static route that lasts until reboot; -p makes it permanent, but in this case I think you would use a batch file to launch when connected and let it expire with the end of your Windows session.

     

    route add 192.168.21.0 mask 255.255.255.0 192.168.21.211

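Added example, not part of the original thread: a longest-prefix route lookup that shows why a /32 address on the L2TP adapter does not cover the rest of 192.168.21.0/24, and what the `route add` from post 10 changes. The routing tables are constructed for illustration (they are not the poster's rp.txt); the client's local network 10.0.0.0/24, the metrics, and the server address 192.168.21.10 are assumptions.

```python
import ipaddress

# Constructed tables modelled on the thread: 192.168.21.0/24 is the private
# LAN behind the firewall, 192.168.21.211 is the client's pool IP.
# Assumed: the client's own network is 10.0.0.0/24 with gateway 10.0.0.1.
BEFORE = [
    # (destination, gateway, interface, metric)
    ("0.0.0.0/0",         "10.0.0.1",       "10.0.0.50",      25),
    ("10.0.0.0/24",       "on-link",        "10.0.0.50",      281),
    ("192.168.21.211/32", "on-link",        "192.168.21.211", 281),
]

# Effect of: route add 192.168.21.0 mask 255.255.255.0 192.168.21.211
AFTER = BEFORE + [
    ("192.168.21.0/24",   "192.168.21.211", "192.168.21.211", 26),
]


def lookup(table, dest):
    """Return the route chosen for dest: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches,
               key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))


def uses_tunnel(table, dest, tunnel_ip="192.168.21.211"):
    """True when traffic to dest leaves through the L2TP (PPP) interface."""
    route = lookup(table, dest)
    return route is not None and route[2] == tunnel_ip


if __name__ == "__main__":
    server = "192.168.21.10"  # hypothetical server on the private LAN
    for name, table in (("before", BEFORE), ("after", AFTER)):
        via = "tunnel" if uses_tunnel(table, server) else "NOT tunnel"
        print(f"{name}: {server} -> {lookup(table, server)} ({via})")
```

To compare against a real client, fill the table from the IPv4 section of `route print` taken while the L2TP connection is up.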

  • 11.  RE: What is webui Objects>Addresses>List ?

    Posted 12-01-2010 17:38