

aa2k

join:2000-10-06
Damascus, MD

VPN configuration (L2TP/IPSec-Dial-up SSG5) help

Attachments:
- Figure: pots
- Figure: policy 'traffic denied'
- Figure: ports
- Figure: policy 5 denies traffic
- ssg5.log (32,951 bytes): debug log
- ssg5_cfg.txt (6,147 bytes): ssg5 configuration
 
Hi,

On my first scenario I am already using (which works perfectly) I use the 'Untrust' port et0/0 and the 'trust' group0 for the other ports - this VPN works great btw, so no problem here.

but..

On this new scenario, I move all the ports to one single group on one zone 'trust' to create a VPN connection with Shrew client software, all ports in a group (group0) - see figure 'ports' and I am stuck for some reason.. maybe someone here can shed some light, I am sure it is something very simple..

So basically I am trying to do a vpn connection for inbound/outbound to the same zone.

The connection with the client establishes just fine - the tunnel is UP - so I am connected but I can't ping anything.. I see the Dial-up policy is denying traffic but no matter what I do or try I can't get it working.. maybe someone can suggest something I am missing...

attached are the debug log and the configuration file..

thanks for looking..


aa2k

join:2000-10-06
Damascus, MD

EDIT:
Problem solved: the solution is not to use a "Dial-UP VPN" policy but to use a route instead, as suggested here, by creating a tunnel.1 interface (but changing it according to the trust-trust interface, not Untrust-trust as the article reads):

»kb.juniper.net/InfoCenter/index?···=KB15272