SRX Services Gateway

Dyn VPN with SRX behind NAT Device, and Split Tunnel

‎09-11-2017 12:46 AM

Hi,

 

I'm trying to establish a Dynamic VPN in which the SRX is behind a 1-to-1 NAT device, with split tunnel enabled.

The connection is successful, but I'm experiencing a weird behavior.

Internet browsing is not working; meanwhile, I'm able to ping any public IPs.

By the way, I have the below DNS command:

set access address-assignment pool dyn-vpn-address-pool family inet xauth-attributes primary-dns dns_ip_address

 

Any idea?

 

Thank you

2 REPLIES

Re: Dyn VPN with SRX behind NAT Device, and Split Tunnel

‎09-11-2017 02:47 AM

I think you are saying that you can ping internet IP addresses but that your web browsing is not working.

This would indicate that the DNS server is not working for your connection. You can confirm this by doing some manual nslookup commands while connected to the VPN.

Make sure your configured DNS server is reachable from your pool address, and that there are security policies in place that permit the connection to the DNS server.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home

Re: Dyn VPN with SRX behind NAT Device, and Split Tunnel

‎09-11-2017 04:20 AM

It worked.

One of the internal networks is 192.168.8.x and it was added to the protected network.

This range overlaps with my 4G modem DHCP; I changed them and it worked fine.

 

Thank you
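
The overlap found in the last post can be checked before a client connects. This is an added example, not part of the original thread or Juniper's code; it compares split-tunnel protected networks with the client's local subnet and lists local hosts whose addresses fall inside a protected prefix. The /24 masks, 10.10.0.0/16, and the gateway and DNS addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from a real device):
PROTECTED = ["192.168.8.0/24", "10.10.0.0/16"]   # split-tunnel protected networks
CLIENT_LAN = ["192.168.8.100/24"]                 # client address from the modem's DHCP
CLIENT_HOSTS = {"gateway": "192.168.8.1", "dns": "192.168.8.1"}


def _net(value):
    # strict=False accepts an interface address such as 192.168.8.100/24
    return ipaddress.ip_network(value, strict=False)


def find_overlaps(protected, local_nets):
    """Return (protected, local) prefix pairs that share address space."""
    return [
        (str(p), str(l))
        for p in map(_net, protected)
        for l in map(_net, local_nets)
        if p.version == l.version and p.overlaps(l)
    ]


def captured_hosts(protected, local_hosts):
    """Return local hosts whose address falls inside a protected prefix."""
    nets = [_net(p) for p in protected]
    return {
        name: ip
        for name, ip in local_hosts.items()
        if any(ipaddress.ip_address(ip) in n for n in nets)
    }


if __name__ == "__main__":
    for prot, local in find_overlaps(PROTECTED, CLIENT_LAN):
        print(f"overlap: protected {prot} vs client LAN {local}")
    for name, ip in captured_hosts(PROTECTED, CLIENT_HOSTS).items():
        print(f"client-side {name} {ip} lies inside a protected network")
```

Any host it reports is one the client may try to reach through the tunnel instead of on its own LAN, depending on how the client orders its routes.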