ScreenOS Firewalls (NOT SRX)

Shrew VPN -> Juniper ... then.... Traffic Denied

06-15-2011 08:48 AM

Hello All,

 

We have a Shrew Soft VPN that appears to be working just fine..... when we look at the corresponding policy log within the Juniper SSG 520, we can see our activity.....

policy:

source: [V1-Untrust/Dial-Up VPN]

destination: [V1-Trust/10.1.1.0/24]

BUT.... the activity is all Traffic Denied..... (trying to do ANYTHING between any 10.1.1.* IP address)

example: pinging from 10.1.1.6 TO 10.1.1.2 gives the following policy log entry:

[datetime][source address port][destination address port][translated source][translated destin][service][duration][bytes sent][bytes received][close reason]

[11:40][10.1.1.6:25][10.1.1.2.1][0.0.0.0:0][0.0.0.0:0][ICMP][0 sec.][0][40][traffic denied]

help!

3 REPLIES

Re: Shrew VPN -> Juniper ... then.... Traffic Denied

06-22-2011 04:44 PM

Hi,

When the device is not in transparent mode, the zone is Untrust, not V1-Untrust.

Please also take a look at which zone your dial-up VPN client is terminating in...

I can also post a working config (non-transparent mode) if you wish.

Regards

-PIccolo

Re: Shrew VPN -> Juniper ... then.... Traffic Denied

06-30-2011 08:58 AM

We discovered that our 'randomly' created IP address grouping (behind the firewall) was not defined as a VLAN.


Re: Shrew VPN -> Juniper ... then.... Traffic Denied

05-10-2014 12:52 PM

Hi,

I have the same problem. Can you explain to me how you resolved it?

Regards,

Claudio-