ScreenOS Firewalls (NOT SRX)

VPN MIP

‎08-19-2009 04:55 PM

Hi, I have set up a VPN between both sites (SSG50 and SSG5). They have overlapping subnets, so I used MIP. The VPN is connecting fine, but when I try to ping the LAN connected to E0/0 that is connected to the SSG5 (i.e. MIP address 10.4.0.0/21 to 10.1.0.0) I don't get a reply. I can only ping the interface e0/0 MIP IP 10.4.2.231 (i.e. 10.1.2.231). Any suggestions? NB: I can ping any address from the SSG50 MIP, but I cannot ping any MIP IP from the SSG20.
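The subnet-wide mapping this post describes (10.4.0.0/21 to 10.1.0.0, with 10.4.2.231 standing for 10.1.2.231), as an added example that is not part of the original thread: a Python helper that works out which MIP address corresponds to which real LAN host, for choosing ping targets and reading translated addresses in a policy log. The function names are hypothetical, and it assumes the real range is also a /21 mapped one-to-one by host offset.

```python
import ipaddress

# Values quoted in the post: MIP range 10.4.0.0/21 presented to the VPN peer.
# Assumption: the real LAN behind it is 10.1.0.0/21 (the post gives no mask).
MIP_NET = ipaddress.ip_network("10.4.0.0/21")
HOST_NET = ipaddress.ip_network("10.1.0.0/21")


def _remap(addr, src_net, dst_net):
    """Move addr from src_net to dst_net, keeping the host bits unchanged."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("a subnet MIP maps two ranges of the same size")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{ip} is outside {src_net}; the MIP does not translate it")
    offset = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


def mip_to_host(addr, mip_net=MIP_NET, host_net=HOST_NET):
    """Inbound direction: address the peer sends to -> real LAN address."""
    return _remap(addr, mip_net, host_net)


def host_to_mip(addr, mip_net=MIP_NET, host_net=HOST_NET):
    """Address the remote site must use to reach a given real LAN host."""
    return _remap(addr, host_net, mip_net)


if __name__ == "__main__":
    # Constructed sample addresses, apart from 10.4.2.231 which is from the post.
    for a in ("10.4.2.231", "10.4.7.254"):
        print(a, "->", mip_to_host(a))
    print("10.1.5.20 is reached as", host_to_mip("10.1.5.20"))
```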

 

 

3 REPLIES

Re: VPN MIP

‎08-20-2009 12:54 PM

The outbound traffic will be hit by any any any permit or something. For inbound you need to write a policy with the MIP as destination. Did you forget this maybe?

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.

Re: VPN MIP

‎08-20-2009 05:27 PM
Hi, thanks for the reply. I did not forget to put a policy for the MIP. When I check the log for the policy, the IPs are being translated, i.e. from 10.4.0.0/21 to 10.1.0.0/21, but the packet is being dropped from creation and not being forwarded.

Re: VPN MIP

‎08-27-2009 11:56 AM
You mean you see creation in the policy log, that's good! What is the close reason for the session?
best regards,

Screenie.