Screen OS


This is a legacy community with limited Juniper monitoring.

unable to pass the untrust interface (internet) traffic to route based vpn tunnel (tunnel interface)

  • 1.  unable to pass the untrust interface (internet) traffic to route based vpn tunnel (tunnel interface)

    Posted 12-10-2012 03:16

    Hi,

     

    I am using a Juniper 550M with Ver 6.1 in the central site and a NetScreen 208 with Ver 4.0 in the remote site.

     

    Remote Site: I have configured 2 subnets in the trust zone, and the untrust zone is configured for internet traffic. Perhaps, I configured the Route Based VPN with a virtual tunnel interface using a private static IP on both sides. The same configuration was done in the central site also. I NATed the internet IP in the untrust zone (untrust interface) in the remote site to access the central site's server.

     

    But the internet traffic reached the untrust interface, which was the NATed interface. After that, the traffic is not able to reach the central site via the route based VPN.

     

    Pls. provide any solution to solve my problem. The thing is that I want to NAT the internet IP in the remote site to access the central server via the route based VPN tunnel.

     

    Thanks,

     

    Sasikumar.

     

     



  • 2.  RE: unable to pass the untrust interface (internet) traffic to route based vpn tunnel (tunnel interface)
    Best Answer

     
    Posted 12-10-2012 21:07

    Hi,

     

    For NATing regarding the central server, you need to configure that on the tunnel interface of the remote site rather than on the untrust interface, and point the route for the central server to the tunnel interface. That way you can segregate your internet traffic from traffic to the central server.

     

    Also NS208 is on a very old (EOL) firmware, I would recommend upgrading to avoid any issues in future.

     

    Regards

    Sarab