Discussion:
Netscreen vpn
sunnyday
2008-05-17 10:02:50 UTC
Hello, I have configured a dialup VPN and successfully created the tunnel and
received an IP address, but I cannot manage to ping the NetScreen's Trust
interface. The IP address the VPN has is 10.250.250.1 and the Trust interface
is 192.168.10.1. I tried with static routes and policies with no result. Can
you please help me out with this one?

Thank you
Stefan Fouant
2008-05-17 15:57:43 UTC
There is just not enough information supplied to determine the
problem. Is the tunnel interface bound to the Trust zone, or the
Untrust zone? If it's bound to the Trust zone and you haven't
explicitly blocked intrazone traffic then you don't need a policy. Are
you using any other Virtual-Routers other than the Trust-VR? If so,
you'll need to configure Inter-VR routing. Have you enabled ping on
the Trust interface? I think it's enabled by default on the Trust
interface but you might want to double check. Can you describe your
configuration in more detail?

Stefan Fouant
_______________________________________________
https://puck.nether.net/mailman/listinfo/juniper-nsp
sunnyday
2008-05-17 16:07:07 UTC
I have only the default virtual routers; the untrust zone is in trust vr.
I have configured the VPN and a bidirectional policy:
from untrust to trust
source dialup vpn destination any
action tunnel
What do I need to configure next to have access to the local network?

Stefan Fouant
2008-05-17 16:25:35 UTC
Sounds like you've got most of it set up. If your tunnel interface is
bound to the Trust zone and you haven't enabled the blocking of
Intra-Zone traffic 'Network > Zones > Edit Trust Zone', then you don't
need policy. If that's the case then it's most likely a routing
issue... can you display the relevant config bits for the tunnel
config, interfaces, zones, routing, and policy?

Stefan Fouant
sunnyday
2008-05-17 16:16:29 UTC
And another question: how can I tell to which zone the tunnel interface is
bound?

Stefan Fouant
2008-05-17 16:22:33 UTC
'get interface' from the CLI or 'Network > Interfaces' from the WebUI.

Stefan Fouant
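
The checks raised in this thread (tunnel state and zone binding, intra-zone blocking, routing, policy, and ping management on the Trust interface) map onto the ScreenOS CLI commands below. This is an added example, not part of any poster's message; the interface name `trust` is an assumption that varies by platform (for example `ethernet1`), and the addresses are the ones given in the thread.

```screenos
get sa
get interface
get zone trust
get route ip 10.250.250.1
get route ip 192.168.10.1
get policy from untrust to trust
get interface trust
set interface trust manage ping
```

`get zone trust` shows whether intra-zone blocking is on, and `get interface trust` lists the management services enabled on that interface. The final `set` line is needed only if ping is missing from that list.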