ScreenOS Firewalls (NOT SRX)
ryanlow81527

traffic passing thru vpn tunnel but not logging at the other end

I have set up a site-to-site VPN between 2 SSGs and the tunnel is established. From the logging, the traffic from SSG A is passing through the tunnel, but at SSG B there is no incoming traffic from SSG A. The same thing happens from SSG B to SSG A. Can anyone help?

mnarine

Re: traffic passing thru vpn tunnel but not logging at the other end

Are you saying traffic is not passing through, or traffic is traversing the tunnel but you are not logging any traffic? Most common issue I've seen is not using the correct zones. If you are using route-based VPN, confirm the tunnel interface is in the correct zone. By default, when creating a tunnel interface, it places the interface in the TRUST zone so your policy will be TRUST > TRUST, which is allowed by default (IntraZone policy), and if you're logging from UNTRUST > TRUST and vice versa, you will not see traffic match because the tunnel interface is not in the UNTRUST zone.

 

If that's not it, provide some additional details about the configuration and if possible, post your configuration (specific to the VPNs).

 

-Mike
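The zone check described in the reply above, as an added example that is not part of the thread or written by either poster: it reads a ScreenOS-style saved configuration and reports tunnel interfaces whose zone pair has no policy with `log` set. The sample configuration, the VPN name `to-ssg-b` and the assumption that the LAN side is the `Trust` zone are constructed for illustration.

```python
import re

# Constructed sample in ScreenOS saved-config style (not taken from the thread).
SAMPLE_CONFIG = '''
set interface "ethernet0/0" zone "Trust"
set interface "ethernet0/1" zone "Untrust"
set interface "tunnel.1" zone "Trust"
set vpn "to-ssg-b" bind interface tunnel.1
set policy id 1 from "Trust" to "Untrust"  "Any" "Any" "ANY" permit log
set policy id 2 from "Untrust" to "Trust"  "Any" "Any" "ANY" permit log
'''

IFACE_RE = re.compile(r'^set interface "?([\w./]+)"? zone "?([^"\s]+)"?', re.M)
POLICY_RE = re.compile(r'^set policy id (\d+) from "([^"]+)" to "([^"]+)"(.*)$', re.M)

def tunnel_zones(config):
    """Map each tunnel interface to the zone it is bound to."""
    return {name: zone for name, zone in IFACE_RE.findall(config)
            if name.startswith("tunnel.")}

def logged_zone_pairs(config):
    """Return the (from_zone, to_zone) pairs that have a policy with 'log'."""
    pairs = set()
    for _pid, src, dst, rest in POLICY_RE.findall(config):
        if re.search(r'\blog\b', rest):
            pairs.add((src, dst))
    return pairs

def unlogged_tunnel_paths(config, lan_zone="Trust"):
    """List (interface, zone_pair) where VPN traffic matches no logging policy.

    lan_zone is an assumption: the zone of the protected local network.
    Traffic entering or leaving a tunnel interface is evaluated against the
    policy set for the tunnel interface's zone, not the physical egress zone.
    """
    logged = logged_zone_pairs(config)
    findings = []
    for iface, zone in sorted(tunnel_zones(config).items()):
        for pair in ((lan_zone, zone), (zone, lan_zone)):
            if pair not in logged and (iface, pair) not in findings:
                findings.append((iface, pair))
    return findings

if __name__ == "__main__":
    for iface, (src, dst) in unlogged_tunnel_paths(SAMPLE_CONFIG):
        print(f"{iface}: traffic matches {src} > {dst}, which has no logging policy")
```

Run against the relevant lines of each SSG's saved configuration; an empty result means every tunnel interface's zone pair is covered by a logging policy in both directions.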
