07-28-2008 01:59 AM
Actually when u use 0.0.0.0/0 in remote party identity on NSR (u should configure route based dialup VPN on SSG) then all traffic (tunneled traffic, internet traffic, LAN traffic) will pass through tunnel. u can access internet through proxy or untrust to untrust traffic with source NAT on SSG.
07-28-2008 04:46 AM
I do have a route base VPN and all traffic does go over the tunnel. That is currently my problem all traffic goes over the tunnel. I cannot access local resources such as printers, routers, and other network devices on the local LAN. I need to be able to access the local LAN as well as Corporate resources.
Thanks you for your kind help.
07-30-2008 06:16 PM
You might have to use a different client other than netscreen remote. Have a look at http://www.shrew.net/ it is a free IPsec client so you can try it out. Think that this allows you to send multiple networks down a tunnel, you will then have to do a bit of trial and error on the firewall side. You will have to see what Proxy-IP is being sent by the client and then add that to the Phase 2 config to be able to get the VPN to connect (use your existing route based vpn setup that you have).
I havent tried this bit of software and cant test it as I dont have access to a netscreen firewall at the moment, but might help as the site says that its compatible. Let me know if you need some help wth the config.