07-28-2008 01:59 AM
Hi Rick,
Actually, when you use 0.0.0.0/0 in the remote party identity on NSR (you should configure a route-based dialup VPN on the SSG), then all traffic (tunneled traffic, internet traffic, LAN traffic) will pass through the tunnel. You can access the internet through a proxy or untrust-to-untrust traffic with source NAT on the SSG.
07-28-2008 04:46 AM
I do have a route-based VPN and all traffic does go over the tunnel. That is currently my problem: all traffic goes over the tunnel. I cannot access local resources such as printers, routers, and other network devices on the local LAN. I need to be able to access the local LAN as well as Corporate resources.
Thank you for your kind help.
07-30-2008 06:16 PM
Hi,
You might have to use a different client other than NetScreen Remote. Have a look at http://www.shrew.net/; it is a free IPsec client, so you can try it out. Think that this allows you to send multiple networks down a tunnel; you will then have to do a bit of trial and error on the firewall side. You will have to see what Proxy-IP is being sent by the client and then add that to the Phase 2 config to be able to get the VPN to connect (use your existing route-based VPN setup that you have).
I haven't tried this bit of software and can't test it as I don't have access to a NetScreen firewall at the moment, but it might help as the site says that it's compatible. Let me know if you need some help with the config.
Regards
Andy
07-31-2008 08:43 AM
Thanks Andy
That's a huge drawback in NetScreen Remote, I think anyway. I've opened a ticket with Juniper but not sure if that will help.