[j-nsp] Netscreen vpn

Stefan Fouant sfouant at gmail.com
Sat May 17 12:25:35 EDT 2008 

Sounds like you've got most of it set up.  If your tunnel interface is
bound to the Trust zone and you haven't enabled the blocking of
Intra-Zone traffic 'Network > Zones > Edit Trust Zone', then you don't
need policy.  If that's the case then it's most likely a routing
issue... can you display the relevant config bits for the tunnel
config, interfaces, zones, routing, and policy?

Stefan Fouant

On Sat, May 17, 2008 at 12:07 PM, sunnyday <cscosunny at gmail.com> wrote:
> I have only the default virtual routers the untrust zone is in trust vr
> I have configured the vpn and a bidirectional policy:
>  from untrust to trust
>  source dialup vpn destination any
>  action tunnel
> what do I need to configure next to have access to the local network?
>
> -----Original Message-----
> From: Stefan Fouant [mailto:sfouant at gmail.com]
> Sent: Saturday, May 17, 2008 6:58 PM
> To: sunnyday
> Cc: Juniper-Nsp; nn at compsoc.com
> Subject: Re: [j-nsp] Netscreen vpn
>
> There is just not enough information supplied to determine the
> problem.  Is the tunnel interface bound to the Trust zone, or the
> Untrust zone?  If it's bound to the Trust zone and you haven't
> explicity blocked intrazone traffic then you don't need a policy.  Are
> you using any other Virtual-Routers other than the Trust-VR?  If so,
> you'll need to configure Inter-VR routing.  Have you enabled ping on
> the Trust interface?  I think it's enabled by default on the Trust
> interface but you might want to double check.  Can you describe your
> configuration in more detail?
>
> Stefan Fouant
>
> On Sat, May 17, 2008 at 6:02 AM, sunnyday <cscosunny at gmail.com> wrote:
>>
>>
>> Hello I have configured a dialup vpn and successfully created the tunnel
> and
>> received ip address but I cannot manage to ping the netscreen`s
>>
>> Trust interface. The ip address the vpn has is 10.250.250.1 and the trust
>> interface is 192.168.10.1. I  tried with static routes and  policies
>>
>> With no result  can you please help me out with this one?
>>
>> Thank you
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>

More information about the juniper-nsp mailing list