Screen OS

I wan to configure netscreen remote vpn client with source based routing ssg-320 on the HO site. The netscreen remote is able to connect to the HO while authenticating from the firewal/IAS, but is unable to access any resources in the HO. The refernce documents i used were

http://kb.juniper.net/kb/documents/public/ApplicationNotes/Technical/ScreenOS%204.0.0/dialupvpn_xauth_ias.htm

and

 

 http://www.corelan.be:8800/index.php/2009/01/22/juniper-netscreen-remote-dial-up-vpn-with-ad-radius-authentication-and-route-based-vpn-tunnel-interface/

 

The configuration on HO ssg-320 is also attached.

 

can any one have a clue

 

 

 

#HO-not-working

you are requiring your users to authenticate again when they are connected to VPN

 

set policy id 36 from "Remote Dial In Zone" to "Trust"  "10.90.1.0/24" "local-lan" "ANY" permit auth server "Local" user-group "teo-intl" log
set policy id 36
set log session-init

Can you disable  this requirement and see if that helps ?

 

Also, do you see anything usefull in a debug flow basic ?

 

 

 

The part of the config you are refering to is working as i am able to authenticate through the firewall/IAS server and can see a yellow key above the blue icon of netscreen remote

I'm not sure - because the policy has nothing to do with the VPN

You are using route based VPN, so the policy only allows or stops traffic inside the tunnel

 

users can authenticate, which is because the dial up vpn is configured correctly

 

but I'm pretty sure the policy is stopping users from connecting to internal resources

 

can you disable the auth part in the policy and see if it works then ?

 

 

 

Ok i will disable authentication on the policy and then see the result. Will get back to you by tomorrow. Also i can't see much in debug flow basic command.

Thanks for the support. The issue got resolved by modifing the policy and disabling authentication on the policy.