Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  Problem with VPN communication between 2 NS5XTs

    Posted 05-19-2009 11:08

    I have 2 locations with static IPs with an NS5XT on each side. They have a VPN between each other that was created by the VPN wizard. The issue I'm having is that I can ping and connect via remote desktop using IP addresses from one side (garage network of 192.168.0.0) to the other (colonial network of 192.168.1.0) but can't ping or connect from the colonial network to the garage network. Both devices have both "Trust" to "Untrust" & "Untrust" to "Trust" to the other network with the Any policy.

     



  • 2.  RE: Problem with VPN communication between 2 NS5XTs
    Best Answer

    Posted 05-19-2009 12:14

    Hi,

     

    I would make sure the VPN is up using "get sa" from the CLI.  If the VPN is up, I would check to make sure the Policy is at the top (get pol from trust to untrust).  If it's not, the first policy would match and your traffic might not be encrypted across the tunnel.

     

    -John
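
The first-match behaviour described in the answer above, as an added example that is not part of the original thread: a small Python model of an ordered policy list that reports tunnel policies shadowed by an earlier non-tunnel policy. The policy IDs, the /24 masks and the helper names are assumptions made for illustration; this is not ScreenOS code or output.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    pid: int     # constructed policy ID
    src: str     # source network, CIDR
    dst: str     # destination network, CIDR
    action: str  # "permit" (clear text), "tunnel" (into the VPN) or "deny"

def first_match(policies, src_ip, dst_ip):
    """Return the first policy, in list order, that matches the flow."""
    for p in policies:
        if (ip_address(src_ip) in ip_network(p.src)
                and ip_address(dst_ip) in ip_network(p.dst)):
            return p
    return None

def shadowed_tunnel_policies(policies):
    """List (tunnel_pid, shadowing_pid) pairs where an earlier non-tunnel
    policy covers everything the tunnel policy would match."""
    hits = []
    for i, p in enumerate(policies):
        if p.action != "tunnel":
            continue
        for earlier in policies[:i]:
            if (earlier.action != "tunnel"
                    and ip_network(p.src).subnet_of(ip_network(earlier.src))
                    and ip_network(p.dst).subnet_of(ip_network(earlier.dst))):
                hits.append((p.pid, earlier.pid))
                break
    return hits

def move_to_top(policies, pid):
    """Return a new list with policy `pid` first; the stable sort keeps the rest in order."""
    return sorted(policies, key=lambda p: p.pid != pid)

# Constructed Trust-to-Untrust list for the colonial side (192.168.1.0/24 assumed):
# the broad Any policy sits above the VPN policy, as in the thread.
BEFORE = [
    Policy(1, "0.0.0.0/0", "0.0.0.0/0", "permit"),
    Policy(2, "192.168.1.0/24", "192.168.0.0/24", "tunnel"),
]
AFTER = move_to_top(BEFORE, 2)

if __name__ == "__main__":
    for name, plist in (("before", BEFORE), ("after", AFTER)):
        hit = first_match(plist, "192.168.1.10", "192.168.0.10")
        print(name, "-> policy", hit.pid, hit.action, "| shadowed:", shadowed_tunnel_policies(plist))
```
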



  • 3.  RE: Problem with VPN communication between 2 NS5XTs

    Posted 05-20-2009 08:18

    Hi Guys,

    Thank you for the help. The policies were at the bottom of the lists. I moved them to the top and now it seems to work. I would have never thought to move them. Thanks again.

     

    Mike



  • 4.  RE: Problem with VPN communication between 2 NS5XTs

    Posted 05-19-2009 12:57

    Sounds like a policy issue. Can you access the firewall via CLI and show the config for both sides?

     

    get conf | i ike

    get conf | i vpn

     

    and the policy as well.