Screen OS

  • 1.  Netscreen 5gt - ADSL tunnel traffic not visible in policies.

    Posted 07-16-2008 20:51

    I have two 5GT ADSLs configured with a route-based VPN between the two sites. The VPN itself is passing data fine and everything has been running for about a year (long enough for the support contract to have run out on the units.....). Lately we have been getting some static on the voice calls across the link. Because it is a reasonably new issue, we thought we would monitor the traffic and see if we can pinpoint a problem and put an extra policy etc. in place to help minimise it.

    My problem is that according to the policies there is NO traffic being passed, or at least there is none being logged. I know the link is working as I can call the other end and access their computers. However, I can't get it to log traffic. It logs traffic to the net but not across the link. This is happening on both boxes on multiple policies.

    Yes, logging is enabled, and so is logging at session beginning.

    No, the traffic is not appearing in another policy either below or above.

     

    Software version is: 5.3.0r4.0

    Any ideas?



  • 2.  RE: Netscreen 5gt - ADSL tunnel traffic not visible in policies.
    Best Answer

    Posted 07-16-2008 21:35
    Hi. You mention that you are using a route-based VPN. Which zone is the tunnel interface in? Is it in the same zone as where the traffic is generated, i.e. both in the Trust zone? If they are in the same zone then it won't hit a policy unless you have intra-zone blocking on. You could do a "debug flow basic" to find out if the firewall is hitting the right policy.
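The two situations the answer above contrasts, written out as ScreenOS CLI. This is an added illustration, not configuration from the thread or from Juniper: the interface number (tunnel.1), zone name "vpn", address-book names and the two site subnets (192.168.1.0/24 and 10.0.0.0/24) are assumed, and the IKE gateway and VPN binding that make the tunnel pass traffic are left out because the poster says that part already works. Fix A and Fix B are alternatives; apply one, not both.

```screenos
## Added example, not from the thread. Names, subnets and tunnel.1 are assumed.

## 1. As the poster has it: the tunnel interface sits in the Trust zone.
##    Site-to-site traffic is then Trust-to-Trust. With intra-zone blocking
##    off, a flow that matches no policy is simply permitted, so the VPN
##    works but no policy ever counts or logs it.
set interface tunnel.1 zone trust
set interface tunnel.1 ip unnumbered interface trust
set route 10.0.0.0/24 interface tunnel.1

## 2a. Fix A (what the follow-up post did): explicit, logged intra-zone
##     policies between the two site subnets, so the flows have a policy
##     to hit and therefore show up in the policy log.
set address trust "site-a-lan" 192.168.1.0 255.255.255.0
set address trust "site-b-lan" 10.0.0.0 255.255.255.0
set policy from trust to trust "site-a-lan" "site-b-lan" any permit log
set policy from trust to trust "site-b-lan" "site-a-lan" any permit log
##     Optional hardening: drop intra-zone traffic that matches no policy.
##     Add policies for every other Trust-to-Trust flow between interfaces
##     before enabling this, or that traffic stops.
set zone trust block

## 2b. Fix B: give the tunnel its own zone so every site-to-site flow
##     crosses a zone boundary and needs an ordinary inter-zone policy.
set zone name "vpn"
set interface tunnel.1 zone vpn
set address vpn "site-b-lan" 10.0.0.0 255.255.255.0
set policy from trust to vpn "site-a-lan" "site-b-lan" any permit log
set policy from vpn to trust "site-b-lan" "site-a-lan" any permit log

## 3. The check the answer suggests: see which policy (if any) a flow hits.
##    Filter first so the debug buffer holds only the flow of interest.
set ffilter src-ip 192.168.1.10 dst-ip 10.0.0.10
clear db
debug flow basic
## ... generate a test flow, e.g. ping 10.0.0.10 from 192.168.1.10 ...
undebug all
get db stream
unset ffilter
get session src-ip 192.168.1.10
```

Usage note: read the "get db stream" output for the policy id the flow was matched against; if it reports a permit without a policy id, the flow is intra-zone traffic with blocking off. Fix B is the cleaner design for a site-to-site link, since the remote site is not the same trust boundary as the local LAN and the tunnel traffic should be subject to the same explicit policy review as any other zone crossing.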


  • 3.  RE: Netscreen 5gt - ADSL tunnel traffic not visible in policies.

    Posted 07-17-2008 15:26

    You are fantastic.

     

    This was my first Juniper setup and I had customer support help me set it up. Looks like we set up the tunnel interfaces in the Trust zone, not the Untrust (or a completely different one that I make), which is how I usually do it. I remember when we were first setting it up the tech was having trouble figuring out how to show me the link was active because none of the policies were showing anything. We had to resort to pinging the equipment at the different ends.

    Because both ends of the tunnel have different subnets, I just created a few Trust intra-zone policies and now I can see all.

     

    Thanks a heap.