Screen OS

  • 1.  set up dial up vpn with virtual ip assigned.

    Posted 08-05-2010 02:27

    Hi all,

     

    Data is not passing through the VPN when an external dial-up user has a private IP segment that is the same as the company's internal segment. Let's say I try to connect from my house over the Internet with private IP 192.168.x.x to my office, which has private IP 192.168.x.x as well. The result is that the tunnel is connected but data is not passing through. Can anyone teach me how to set up a dial-up VPN with a virtual IP assigned by the Juniper firewall?



  • 2.  RE: set up dial up vpn with virtual ip assigned.

    Posted 08-05-2010 03:23

    Hi!

     

    If a subnet or a range of IPs from the office LAN is used for addressing of the dial up vpn users, this subnet/range must be explicitly routed back to the firewall on all servers that have to be reachable through the vpn. Another option is to configure static ARPs for these IPs on the trust interface. That's why it is always better to use a separate network for the dial up vpn users.

    You can dynamically assign IPs (also DNS and WINS addresses if supported by the client) to the dial up users if they are configured as IKE+XAuth users. You should configure an IP pool (Objects --> IP Pools) and select it under VPNs --> XAuth settings. I would recommend reading ScreenOS Concepts & Examples, Virtual Private Networks, Chapter 5. A good example can be found under the title "Shared IKE ID". It should be read in combination with C&E, User Authentication, Chapter 5 "XAuth Users and User Groups".

     

    Kind regards,

    Edouard
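
An added example, not part of the thread or of any Juniper documentation: a small planning check for the addressing issues raised in posts 1 and 2, run before an XAuth IP pool is chosen. The function names, finding labels and sample addresses are constructed for illustration.

```python
import ipaddress

def pool_networks(first, last):
    """Collapse a start-end pool range into the CIDR blocks that cover it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def check_dialup_plan(office_lan, client_lan, pool_first, pool_last):
    """Return a list of findings for a planned dial-up VPN address layout.

    office_lan / client_lan are CIDR strings; the pool is a first-last range,
    which is how an IP pool is usually entered.
    """
    office = ipaddress.ip_network(office_lan)
    client = ipaddress.ip_network(client_lan)
    pool = pool_networks(pool_first, pool_last)
    findings = []
    # Post 1: home and office use the same private segment.
    if office.overlaps(client):
        findings.append("client-lan-overlaps-office-lan")
    # Post 2: a pool carved out of the office LAN needs explicit routes back
    # to the firewall on the servers, or static ARP on the trust interface.
    if any(block.overlaps(office) for block in pool):
        findings.append("pool-inside-office-lan")
    # Assumption added here: the assigned virtual IP should not collide
    # with the user's own home network either.
    if any(block.overlaps(client) for block in pool):
        findings.append("pool-overlaps-client-lan")
    return findings

if __name__ == "__main__":
    # Constructed sample layouts.
    plans = [
        ("192.168.1.0/24", "192.168.1.0/24", "192.168.1.200", "192.168.1.220"),
        ("192.168.1.0/24", "192.168.0.0/24", "192.168.1.200", "192.168.1.220"),
        ("192.168.1.0/24", "192.168.0.0/24", "10.99.0.10", "10.99.0.50"),
    ]
    for plan in plans:
        print(plan, "->", check_dialup_plan(*plan) or "no overlap")
```

An empty result corresponds to the layout recommended in post 2: a separate network for the dial-up users.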



  • 3.  RE: set up dial up vpn with virtual ip assigned.
    Best Answer

    Posted 08-10-2010 20:18

    Hi,

     

    Thanks for your advice, I managed to solve the problem.