|

»

»

Netscreen at Compsoc.com

Netscreen vpn

View: New views

6 Messages — Rating Filter: Alert me

	Netscreen vpn by sunnyday-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Some parts of this message have been removed. Learn more about Nabble's security policy. Hello I have configured a dialup vpn and successfully created the tunnel and received ip address but I cannot manage to ping the netscreen`s Trust interface. The ip address the vpn has is 10.250.250.1 and the trust interface is 192.168.10.1. I tried with static routes and policies With no result can you please help me out with this one? Thank you _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: [j-nsp] Netscreen vpn by Stefan Fouant :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message There is just not enough information supplied to determine the problem. Is the tunnel interface bound to the Trust zone, or the Untrust zone? If it's bound to the Trust zone and you haven't explicity blocked intrazone traffic then you don't need a policy. Are you using any other Virtual-Routers other than the Trust-VR? If so, you'll need to configure Inter-VR routing. Have you enabled ping on the Trust interface? I think it's enabled by default on the Trust interface but you might want to double check. Can you describe your configuration in more detail? Stefan Fouant On Sat, May 17, 2008 at 6:02 AM, sunnyday <cscosunny@...> wrote: > > > Hello I have configured a dialup vpn and successfully created the tunnel and > received ip address but I cannot manage to ping the netscreen`s > > Trust interface. The ip address the vpn has is 10.250.250.1 and the trust > interface is 192.168.10.1. I tried with static routes and policies > > With no result can you please help me out with this one? > > Thank you > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@... > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: [j-nsp] Netscreen vpn by sunnyday-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message I have only the default virtual routers the untrust zone is in trust vr I have configured the vpn and a bidirectional policy: from untrust to trust source dialup vpn destination any action tunnel what do I need to configure next to have access to the local network? -----Original Message----- From: Stefan Fouant [mailto:sfouant@...] Sent: Saturday, May 17, 2008 6:58 PM To: sunnyday Cc: Juniper-Nsp; nn@... Subject: Re: [j-nsp] Netscreen vpn There is just not enough information supplied to determine the problem. Is the tunnel interface bound to the Trust zone, or the Untrust zone? If it's bound to the Trust zone and you haven't explicity blocked intrazone traffic then you don't need a policy. Are you using any other Virtual-Routers other than the Trust-VR? If so, you'll need to configure Inter-VR routing. Have you enabled ping on the Trust interface? I think it's enabled by default on the Trust interface but you might want to double check. Can you describe your configuration in more detail? Stefan Fouant On Sat, May 17, 2008 at 6:02 AM, sunnyday <cscosunny@...> wrote: > > > Hello I have configured a dialup vpn and successfully created the tunnel and > received ip address but I cannot manage to ping the netscreen`s > > Trust interface. The ip address the vpn has is 10.250.250.1 and the trust > interface is 192.168.10.1. I tried with static routes and policies > > With no result can you please help me out with this one? > > Thank you > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@... > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: [j-nsp] Netscreen vpn by sunnyday-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message And another question how can I tell to which zone the tunnel interface is bound? -----Original Message----- From: Stefan Fouant [mailto:sfouant@...] Sent: Saturday, May 17, 2008 6:58 PM To: sunnyday Cc: Juniper-Nsp; nn@... Subject: Re: [j-nsp] Netscreen vpn There is just not enough information supplied to determine the problem. Is the tunnel interface bound to the Trust zone, or the Untrust zone? If it's bound to the Trust zone and you haven't explicity blocked intrazone traffic then you don't need a policy. Are you using any other Virtual-Routers other than the Trust-VR? If so, you'll need to configure Inter-VR routing. Have you enabled ping on the Trust interface? I think it's enabled by default on the Trust interface but you might want to double check. Can you describe your configuration in more detail? Stefan Fouant On Sat, May 17, 2008 at 6:02 AM, sunnyday <cscosunny@...> wrote: > > > Hello I have configured a dialup vpn and successfully created the tunnel and > received ip address but I cannot manage to ping the netscreen`s > > Trust interface. The ip address the vpn has is 10.250.250.1 and the trust > interface is 192.168.10.1. I tried with static routes and policies > > With no result can you please help me out with this one? > > Thank you > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@... > https://puck.nether.net/mailman/listinfo/juniper-nsp > _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: [j-nsp] Netscreen vpn by Stefan Fouant :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message 'get interface' from the CLI or 'Network > Interfaces' from the WebUI. Stefan Fouant On Sat, May 17, 2008 at 12:16 PM, sunnyday <cscosunny@...> wrote: > And another question how can I tell to which zone the tunnel interface is > bound? > > -----Original Message----- > From: Stefan Fouant [mailto:sfouant@...] > Sent: Saturday, May 17, 2008 6:58 PM > To: sunnyday > Cc: Juniper-Nsp; nn@... > Subject: Re: [j-nsp] Netscreen vpn > > There is just not enough information supplied to determine the > problem. Is the tunnel interface bound to the Trust zone, or the > Untrust zone? If it's bound to the Trust zone and you haven't > explicity blocked intrazone traffic then you don't need a policy. Are > you using any other Virtual-Routers other than the Trust-VR? If so, > you'll need to configure Inter-VR routing. Have you enabled ping on > the Trust interface? I think it's enabled by default on the Trust > interface but you might want to double check. Can you describe your > configuration in more detail? > > Stefan Fouant > > On Sat, May 17, 2008 at 6:02 AM, sunnyday <cscosunny@...> wrote: >> >> >> Hello I have configured a dialup vpn and successfully created the tunnel > and >> received ip address but I cannot manage to ping the netscreen`s >> >> Trust interface. The ip address the vpn has is 10.250.250.1 and the trust >> interface is 192.168.10.1. I tried with static routes and policies >> >> With no result can you please help me out with this one? >> >> Thank you >> >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@... >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn
	Re: [j-nsp] Netscreen vpn by Stefan Fouant :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Sounds like you've got most of it set up. If your tunnel interface is bound to the Trust zone and you haven't enabled the blocking of Intra-Zone traffic 'Network > Zones > Edit Trust Zone', then you don't need policy. If that's the case then it's most likely a routing issue... can you display the relevant config bits for the tunnel config, interfaces, zones, routing, and policy? Stefan Fouant On Sat, May 17, 2008 at 12:07 PM, sunnyday <cscosunny@...> wrote: > I have only the default virtual routers the untrust zone is in trust vr > I have configured the vpn and a bidirectional policy: > from untrust to trust > source dialup vpn destination any > action tunnel > what do I need to configure next to have access to the local network? > > -----Original Message----- > From: Stefan Fouant [mailto:sfouant@...] > Sent: Saturday, May 17, 2008 6:58 PM > To: sunnyday > Cc: Juniper-Nsp; nn@... > Subject: Re: [j-nsp] Netscreen vpn > > There is just not enough information supplied to determine the > problem. Is the tunnel interface bound to the Trust zone, or the > Untrust zone? If it's bound to the Trust zone and you haven't > explicity blocked intrazone traffic then you don't need a policy. Are > you using any other Virtual-Routers other than the Trust-VR? If so, > you'll need to configure Inter-VR routing. Have you enabled ping on > the Trust interface? I think it's enabled by default on the Trust > interface but you might want to double check. Can you describe your > configuration in more detail? > > Stefan Fouant > > On Sat, May 17, 2008 at 6:02 AM, sunnyday <cscosunny@...> wrote: >> >> >> Hello I have configured a dialup vpn and successfully created the tunnel > and >> received ip address but I cannot manage to ping the netscreen`s >> >> Trust interface. The ip address the vpn has is 10.250.250.1 and the trust >> interface is 192.168.10.1. I tried with static routes and policies >> >> With no result can you please help me out with this one? >> >> Thank you >> >> _______________________________________________ >> juniper-nsp mailing list juniper-nsp@... >> https://puck.nether.net/mailman/listinfo/juniper-nsp >> > > _______________________________________________ nn mailing list nn@... http://www.compsoc.com/cgi-bin/mailman/listinfo/nn