Screen OS

  • 1.  Need Dialup VPN to access different network segments

    Posted 10-15-2008 14:34

    I have a terminal that has successfully established and connected a VPN to my netscreen firewall with IKE user (using netscreen remote). However it can only connect to network 192.168.1.x - I've been unsuccessful in trying to connect to my other networks 192.168.2.x, 192.168.3.x, etc.

     

    Any pointers on how to proceed? Thanks!



  • 2.  RE: Need Dialup VPN to access different network segments
    Best Answer

    Posted 10-15-2008 17:24

    Hi,

     

    What is the network and subnet mask that you have configured on your netscreen remote client?

     

    If you configured 192.168.1.0/24 then it will only route 192.168.1.0 network down the vpn. If you want to access other subnets then you need to do 192.168.0.0/16, this will send all 192.168.x.0 networks down the tunnel.

     

    Remember you will also have to change the policy on the firewall to match the new subnet 192.168.0.0/16.

     

    Regards

     

    Andy



  • 3.  RE: Need Dialup VPN to access different network segments

    Posted 10-16-2008 11:19
    Thanks! My local support company couldn't figure this one out for 6 weeks now! I myself have had to learn and read manuals upon manuals, trying out different approaches... thank you very much!


  • 4.  RE: Need Dialup VPN to access different network segments

    Posted 10-16-2008 06:39

    Hi TipPeru,

     

    You need to be careful with the proxy IDs on this issue. Using a /16 should work as a solution though. Just make sure that the proxy-IDs match on the firewall too.

     

    Regards,

    A.
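
The selector behaviour described in replies 2 and 4, as an added example that is not part of the original thread: it shows which segments a given remote-network setting sends down the tunnel, whether the client and firewall proxy-IDs agree, and how many addresses a summary exposes beyond the segments actually needed. The segment list is constructed from the three networks named in the question (the "etc." is not filled in), and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the internal segments named in the question.
SEGMENTS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]

def routed_segments(selector, segments):
    """Segments the client sends down the tunnel for this remote-network selector."""
    sel = ipaddress.ip_network(selector)
    return [s for s in segments if ipaddress.ip_network(s).subnet_of(sel)]

def smallest_covering(segments):
    """Smallest single network containing every segment (widen until all fit)."""
    nets = [ipaddress.ip_network(s) for s in segments]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()
    return cover

def excess_addresses(selector, segments):
    """Addresses inside the selector that belong to none of the listed segments."""
    sel = ipaddress.ip_network(selector)
    inside = [n for n in map(ipaddress.ip_network, segments) if n.subnet_of(sel)]
    # collapse_addresses merges overlapping/adjacent segments so nothing is counted twice
    used = sum(n.num_addresses for n in ipaddress.collapse_addresses(inside))
    return sel.num_addresses - used

def proxy_ids_match(client_remote, firewall_local):
    """Proxy-IDs must be the same network on both ends, not merely overlapping."""
    return ipaddress.ip_network(client_remote) == ipaddress.ip_network(firewall_local)

if __name__ == "__main__":
    for selector in ("192.168.1.0/24", "192.168.0.0/16", str(smallest_covering(SEGMENTS))):
        print(selector,
              "routes", routed_segments(selector, SEGMENTS),
              "excess", excess_addresses(selector, SEGMENTS))
    # Client changed to /16 while the firewall still has /24: mismatch
    print(proxy_ids_match("192.168.0.0/16", "192.168.1.0/24"))
```

Whatever selector is chosen, the firewall policy and proxy-ID have to be changed to the same network, and the excess count is the address space the policy then permits beyond the intended segments.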



  • 5.  RE: Need Dialup VPN to access different network segments

    Posted 10-22-2008 14:09

    Hi all,

    The solution assumes you can summarize to /16. What if summarization is not desired or not possible for various reasons? I have a similar problem where I initially had one internal segment accessible. I now want another discontiguous segment to be added. When I try to add the new subnet in the policy, I get an error message "Multiple addresses/services are not supported at current stage for bidirectional VPN policy".

     

    Any pointers on what I need to do?

      

    Thanks,

    /Dan