ScreenOS Firewalls (NOT SRX)
ScreenOS Firewalls (NOT SRX)

Mobile VPN with SSG not being default gateway.

06.04.12   |  
‎06-04-2012 12:48 AM



I would like to set up a SSG5 to be a VPN-gateway, but not default GW. That would be easiest if the VPN-clients would be represented with an internal ip-adresse (like with SA's or MS-VPN).

Can that be done?


An alternative could be to give then an ip-adresse from a known range and then set up static routes on the server, for that.

I have tried the last solution by using xauth, but it does not seem to work.


If I change the default gateway of a server I can get traffic trought, but I just enter a static router I will not.

If I traceroute to the address range of the vpn-clients from the server it does get routed corectely.


Can anyone help me find the best sollution (now I can't get permission to buy a SA)?