Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  Dialup-VPN successfully connects, but the Windows VPN client cannot reach devices on the Trust side

    Posted 07-04-2008 07:54

    I have read through all the discussion threads and KB articles relating to troubleshooting this issue and I am still not finding the solution. I can successfully create the IPsec tunnel and can ping the Trust side interface; as a previous post indicates, this is usually no problem, as the Firewall/VPN device knows how to handle this traffic. When I am logged into the Firewall/VPN device via ssh and perform a ping test to other devices on the Trust side, I get a positive response. What am I missing? I have added my configuration to this post. Please have a look at this.

     

    Greatly frustrated but appreciative.

     

    Hulk


  • 2.  RE: Dialup-VPN successfully connects, but the Windows VPN client cannot reach devices on the Trust side
    Best Answer

    Posted 07-04-2008 13:06

    Hi Hulk,

     

    Try the following:

    - Edit your VPN policy
    - Go into the advanced configuration
    - Activate the source NAT with Egress Interface

    Message Edited by sylvain on 07-04-2008 01:07 PM


  • 3.  RE: Dialup-VPN successfully connects, but the Windows VPN client cannot reach devices on the Trust side

    Posted 07-07-2008 05:57

    FAAANtastic.....not 100% sure why this is needed, but it worked and I don't care at this time to figure it out.  Someone should re-edit the steps for creating a Dial-up VPN to include this crucial step...

     

    thanks a bunch

     

    Hulk



  • 4.  RE: Dialup-VPN successfully connects, but the Windows VPN client cannot reach devices on the Trust side

    Posted 07-07-2008 07:47

    Hi Hulk,

     

    To be honest, it's a workaround. I think there is a problem with the return flow in your case (perhaps a routing issue).

    By translating the source, all the networks think that the src IP is the Firewall (and not the IPsec client).
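
The return-flow explanation in post 4, worked through as an added example (not part of any post, and not taken from the attached configuration). It assumes a Trust-side host whose default gateway is some device other than the firewall; every address and the route tables are constructed for illustration.

```python
import ipaddress

# Constructed addressing (assumptions, not from the poster's config)
FIREWALL_TRUST_IP = ipaddress.ip_address("192.168.1.1")   # firewall Trust interface
OTHER_GATEWAY = ipaddress.ip_address("192.168.1.254")     # host's default gateway
VPN_CLIENT_IP = ipaddress.ip_address("10.99.0.5")         # dial-up client inner IP

# Routing table of a Trust-side host: (prefix, next hop); None means on-link.
HOST_ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), OTHER_GATEWAY),
]

# Same host after adding a route for the client range via the firewall,
# which repairs the return path without any source NAT.
ROUTES_WITH_CLIENT_RANGE = HOST_ROUTES + [
    (ipaddress.ip_network("10.99.0.0/24"), FIREWALL_TRUST_IP),
]


def next_hop(routes, dst):
    """Longest-prefix match; returns the address the reply is delivered to."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None  # no route: the reply is dropped
    _net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return dst if hop is None else hop


def source_seen_by_host(client_ip, nat_src_egress):
    """With source NAT on the egress interface the host sees the firewall's IP."""
    return FIREWALL_TRUST_IP if nat_src_egress else client_ip


def reply_reaches_firewall(routes, nat_src_egress):
    """The reply re-enters the tunnel only if it is handed back to the firewall."""
    src = source_seen_by_host(VPN_CLIENT_IP, nat_src_egress)
    return next_hop(routes, src) == FIREWALL_TRUST_IP


if __name__ == "__main__":
    print("no NAT, default routes  :", reply_reaches_firewall(HOST_ROUTES, False))
    print("source NAT (workaround) :", reply_reaches_firewall(HOST_ROUTES, True))
    print("no NAT, route added     :", reply_reaches_firewall(ROUTES_WITH_CLIENT_RANGE, False))
```

The same lookup shows why pings issued from the firewall itself succeed: their source is the Trust interface address, which the host reaches on-link.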



  • 5.  RE: Dialup-VPN successfully connects, but the Windows VPN client cannot reach devices on the Trust side

    Posted 07-07-2008 09:55

    Fair enough, workaround or not, I am just glad to see this is working. It seems odd that there is a routing issue with such a simple setup?  Is this related to the version of ScreenOS running on the Firewall/VPN device? What is even more unsettling is that I reset the original settings back into the policy, reset the device to flush any caching and I can still see the devices on the Trust side....confusing...U bet!!!

     

    Well, I am just going to chalk this up to good old FM technology, or it just needed a kickstart, and leave it for now.

     

    thanks again for your input

     

    Hulk