Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  Shrew VPN -> Juniper ... then.... Traffic Denied

    Posted 06-15-2011 08:49

    Hello All,

     

    We have a Shrew Soft VPN that appears to be working just fine..... when we look at the corresponding policy log within the Juniper SSG 520 we can see our activity.....

     

    policy:

    source: [V1-Untrust/Dial-Up VPN]

    destination: [V1-Trust/10.1.1.0/24]

     

    BUT.... the activity is all Traffic Denied..... (trying to do ANYTHING between any 10.1.1.* IP address)

     

    example:  pinging from 10.1.1.6 TO 10.1.1.2 gives the following policy log entry:

     

    [datetime][source address port][destination address port][translated source][translated destin][service][duration][bytes sent][bytes received][close reason]

     

     

    [11:40][10.1.1.6:25][10.1.1.2.1][0.0.0.0:0][0.0.0.0:0][ICMP][0 sec.][0][40][traffic denied]

     

     

     

    help!


    #shrewvpntrafficdenied


  • 2.  RE: Shrew VPN -> Juniper ... then.... Traffic Denied

    Posted 06-22-2011 16:45

    Hi,

     

    When the device is not in transparent mode, the zone is untrust, not v1-untrust.

    Please also take a look at which zone your dial-up VPN client is terminating in...

     

    I can also post a working config (non-transparent mode)....if you wish..

     

    Regards

     



  • 3.  RE: Shrew VPN -> Juniper ... then.... Traffic Denied
    Best Answer

    Posted 06-30-2011 08:58

    We discovered that our 'randomly' created IP address grouping (behind firewall) was not defined as a VLAN.



  • 4.  RE: Shrew VPN -> Juniper ... then.... Traffic Denied

    Posted 05-10-2014 12:52

    Hi

     

    I have the same problem. Can you explain to me how you resolved it?

     

    Regards,

     

    Claudio-