Damascus, MD

VPN configuration (L2TP/IPSec-Dial-up SSG5) help

Image: policy 'traffic denied'
Image: policy 5 denies traffic
Attachment: ssg5.log (32,951 bytes) - debug log
Attachment: ssg5_cfg.txt (6,147 bytes) - ssg5 configuration

In my first scenario, which I am already using (and which works perfectly), I use the 'Untrust' port et0/0 and the 'trust' group0 for the other ports - this VPN works great btw, so no problem here.


In this new scenario, I move all the ports to one single group in one zone, 'trust', to create a VPN connection with the Shrew client software, all ports in a group (group0) - see figure 'ports' - and I am stuck for some reason. Maybe someone here can shed some light; I am sure it is something very simple.

So basically I am trying to do a VPN connection for inbound/outbound to the same zone.

The connection with the client establishes just fine - the tunnel is UP - so I am connected, but I can't ping anything. I see the Dial-up policy is denying traffic, but no matter what I do or try I can't get it working. Maybe someone can suggest something I am missing...

Attached are the debug log and the configuration file.

Thanks for looking.


Damascus, MD
Problem solved. The solution is not to use a "Dial-UP VPN" policy but to use a route instead, as suggested here, by creating a tunnel.1 interface (but changing it according to the trust-trust interface, not Untrust-trust as the article reads):

»kb.juniper.net/InfoCenter/index? ··· =KB15272