[j-nsp] Netscreen vpn

sunnyday cscosunny at gmail.com
Sat May 17 12:07:07 EDT 2008


I have only the default virtual routers the untrust zone is in trust vr 
I have configured the vpn and a bidirectional policy:
 from untrust to trust
 source dialup vpn destination any 
 action tunnel
what do I need to configure next to have access to the local network?

-----Original Message-----
From: Stefan Fouant [mailto:sfouant at gmail.com] 
Sent: Saturday, May 17, 2008 6:58 PM
To: sunnyday
Cc: Juniper-Nsp; nn at compsoc.com
Subject: Re: [j-nsp] Netscreen vpn

There is just not enough information supplied to determine the
problem.  Is the tunnel interface bound to the Trust zone, or the
Untrust zone?  If it's bound to the Trust zone and you haven't
explicity blocked intrazone traffic then you don't need a policy.  Are
you using any other Virtual-Routers other than the Trust-VR?  If so,
you'll need to configure Inter-VR routing.  Have you enabled ping on
the Trust interface?  I think it's enabled by default on the Trust
interface but you might want to double check.  Can you describe your
configuration in more detail?

Stefan Fouant

On Sat, May 17, 2008 at 6:02 AM, sunnyday <cscosunny at gmail.com> wrote:
>
>
> Hello I have configured a dialup vpn and successfully created the tunnel
and
> received ip address but I cannot manage to ping the netscreen`s
>
> Trust interface. The ip address the vpn has is 10.250.250.1 and the trust
> interface is 192.168.10.1. I  tried with static routes and  policies
>
> With no result  can you please help me out with this one?
>
> Thank you
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



More information about the juniper-nsp mailing list