unsubscribe

by stratoscape

-----Original Message-----
From: nn-bounces@... [mailto:nn-bounces@...] On Behalf Of
nn-request@...
Sent: Thursday, March 08, 2007 12:52 AM
To: nn@...
Subject: nn Digest, Vol 23, Issue 2

Send nn mailing list submissions to
        nn@...

To subscribe or unsubscribe via the World Wide Web, visit
        http://qorbit.net/mailman/listinfo/nn
or, via email, send a message with subject or body 'help' to
        nn-request@...

You can reach the person managing the list at
        nn-owner@...

When replying, please edit your Subject line so it is more specific
than "Re: Contents of nn digest..."


Today's Topics:

   1. Forwarding Multicast Packets (Joe Michl)
   2. Re: L2TP Dialup (Martin Schulman)
   3. Re: L2TP Dialup (Jeffy Koh)


----------------------------------------------------------------------

Message: 1
Date: Wed, 7 Mar 2007 09:30:25 -0500
From: "Joe Michl" <JMichl@...>
Subject: [nn] Forwarding Multicast Packets
To: <nn@...>
Message-ID:
        <F543E86A0B415E41806A68AA76E3C7F4014EEBD7@...>
Content-Type: text/plain; charset="us-ascii"

Hello, I am having an issue with one of our NS5GTs that is installed on
a LAN behind a client's firewall.  The untrusted port is on a
172.16.0.0/16 network with a VOIP phone system that is sending multicast
packets to 224.0.1.59.  Our Netscreen is routing those packets back to
the gateway and causing unnecessary and increased traffic on the network.
I have tried to create a policy to deny this traffic, but it does not
work.

If someone has a solution that will prevent the Netscreen from routing
these packets that I can try, it would be appreciated.

Thanks,

Joe Michl
TelVue Corporation
16000 Horizon Way
Suite 500
Mt. Laurel, NJ 08054
Phone: 856-273-8888
Fax: 856-866-7411
E-mail: jmichl@...


------------------------------

Message: 2
Date: Wed, 7 Mar 2007 15:50:05 -0500
From: "Martin Schulman" <mschulma@...>
Subject: Re: [nn] L2TP Dialup
To: "Jeffy Koh" <jeffy.koh@...>, "Kai Krebber"
        <Kai.Krebber@...>
Cc: John Cameron <John.Cameron@...>, nn@...
Message-ID: <024d01c760fa$2f991300$aa0211ac@Acer8104>
Content-Type: text/plain; charset="iso-8859-1"

This appears to be the same problem I asked about two months ago...

http://www.qorbit.net/nn/Jan-2007/4333.html

It would be nice if a lurker from Juniper offered a definitive response
specific to one or more software versions.  Do they consider the Windows XP
SP2 NAT traversal implementation broken?  Or did they do something special
to work with the Safenet client?


                                                                Marty

  ----- Original Message -----
  From: Jeffy Koh
  To: Kai Krebber
  Cc: John Cameron ; nn@...
  Sent: Wednesday, March 07, 2007 8:39 AM
  Subject: Re: [nn] L2TP Dialup


  Guys,

  I managed to get it to work by using a certificate, but the Internet
  connection must be direct. It will fail if there is a router or NAT in
  front of the Windows Client. Useless technology...

  regards,
  Jeffy Koh

   
  On 3/6/07, Kai Krebber <Kai.Krebber@...> wrote:

    Hi, John!

    Found a pdf describing exactly what I was looking for. Only it doesn't
    work. If I set up the windows-client as described, it doesn't even try to
    start ike negotiations. Instead I directly get an error 768 (faulty
    encryption) as soon as I hit the 'connect' button.
    I assume Windows doesn't know what certificates to use for the
    connection and I don't find the part of the configuration where I can link
    the appropriate certificates to the vpn connection.

    To make matters worse, I can't even ping the Netscreen (WAN) anymore. It
    looks like windows is trying to negotiate ipsec already although I'm not
    trying to use the vpn.

    I know that this is gliding a bit off topic since the problems seem to
    lie on the windows side and not the netscreen. I still hope somebody got
    those two up and running with l2tp over ipsec with certs and can help me
    out here.
    Cheers,
           Kai

    -----Original Message-----
    From: John Cameron [mailto:John.Cameron@...]
    Sent: Tuesday, 6 March 2007 13:11
    To: Kai Krebber; Badu Jack
    Cc: nn@...
    Subject: RE: [nn] L2TP Dialup

    I have seen that error before when I was setting up a remote vpn via the
    NS remote client.

    The problem was the policy was not higher up in the order.

    I remember reading how to set something up like that with Windows and
    certs at http://www.netscreenforum.com/ - Do a search. Then again it may
    have been somewhere else.

    John

    -----Original Message-----
    From: nn-bounces@... [mailto:nn-bounces@...] On Behalf Of
    Kai Krebber
    Sent: Tuesday, 6 March 2007 10:35 PM
    To: Badu Jack
    Cc: nn@...
    Subject: Re: [nn] L2TP Dialup

    Hi!

    Seems impossible to me. According to Netscreen Article KB6865,
    one has to use certificates with native WinXP, but I can't get it
    working. Also there are rumours of successful connections, I didn't
    find any step by step guide for both sides (NS and XP) using
    dynamic client IP and certs.
    My Netscreen always complains:
    Rejected an IKE packet ... because the peer sent a packet with a
    message ID before Phase 1 authentication was done.
    My certs work fine with the NS remote-client (i.e. the certs are not
    the problem)

    So I assume Juniper boycotts the native XP-Capabilities to sell their
    Client
    (please prove me wrong, anybody).

    Cheers,
           Kai


    -----Original Message-----
    The second question is, is it possible to use winxp for remote dialup to
    connect with the
    NS-5GT using IPSEC and L2TP dialup protocols.

    Cheers

    _________________________________________________________________
    nn mailing list
    nn@...
    http://qorbit.net/mailman/listinfo/nn


------------------------------

Message: 3
Date: Thu, 8 Mar 2007 07:50:10 +0800
From: "Jeffy Koh" <jeffy.koh@...>
Subject: Re: [nn] L2TP Dialup
To: "Martin Schulman" <mschulma@...>
Cc: John Cameron <John.Cameron@...>, nn@...
Message-ID:
        <560b7250703071550x4ecb7e44v7f30a01926436727@...>
Content-Type: text/plain; charset="iso-8859-1"

Netscreen Firmware 5.3 is not working either. Has anyone tried 5.4?

On 3/8/07, Martin Schulman <mschulma@...> wrote:
>
>  This appears to be the same problem I asked about two months ago...
>
> http://www.qorbit.net/nn/Jan-2007/4333.html
>
> It would be nice if a lurker from Juniper offered a definitive response
> specific to one or more software versions.  Do they consider the Windows XP
> SP2 NAT traversal implementation broken?  Or did they do something special
> to work with the Safenet client?
>
>                                                                 Marty
>
>
>  ----- Original Message -----
> *From:* Jeffy Koh <jeffy.koh@...>
> *To:* Kai Krebber <Kai.Krebber@...>
> *Cc:* John Cameron <John.Cameron@...> ; nn@...
> *Sent:* Wednesday, March 07, 2007 8:39 AM
> *Subject:* Re: [nn] L2TP Dialup
>
>
> Guys,
>
> I managed to get it to work by using a certificate, but the Internet
> connection must be direct. It will fail if there is a router or NAT in
> front of the Windows Client. Useless technology...
>
> regards,
> Jeffy Koh
>
>
> On 3/6/07, Kai Krebber <Kai.Krebber@...> wrote:
> >
> >
> > Hi, John!
> >
> > Found a pdf describing exactly what I was looking for. Only it doesn't
> > work. If I set up the windows-client as described, it doesn't even try to
> > start ike negotiations. Instead I directly get an error 768 (faulty
> > encryption) as soon as I hit the 'connect' button.
> > I assume Windows doesn't know what certificates to use for the
> > connection and I don't find the part of the configuration where I can link
> > the appropriate certificates to the vpn connection.
> >
> > To make matters worse, I can't even ping the Netscreen (WAN) anymore. It
> > looks like windows is trying to negotiate ipsec already although I'm not
> > trying to use the vpn.
> >
> > I know that this is gliding a bit off topic since the problems seem to
> > lie on the windows side and not the netscreen. I still hope somebody got
> > those two up and running with l2tp over ipsec with certs and can help me
> > out here.
> > Cheers,
> >        Kai
> >
> > -----Original Message-----
> > From: John Cameron [mailto:John.Cameron@...]
> > Sent: Tuesday, 6 March 2007 13:11
> > To: Kai Krebber; Badu Jack
> > Cc: nn@...
> > Subject: RE: [nn] L2TP Dialup
> >
> > I have seen that error before when I was setting up a remote vpn via the
> > NS remote client.
> >
> > The problem was the policy was not higher up in the order.
> >
> > I remember reading how to set something up like that with Windows and
> > certs at http://www.netscreenforum.com/ - Do a search. Then again it may
> > have been somewhere else.
> >
> > John
> >
> > -----Original Message-----
> > From: nn-bounces@... [mailto:nn-bounces@...] On Behalf Of
> > Kai Krebber
> > Sent: Tuesday, 6 March 2007 10:35 PM
> > To: Badu Jack
> > Cc: nn@...
> > Subject: Re: [nn] L2TP Dialup
> >
> > Hi!
> >
> > Seems impossible to me. According to Netscreen Article KB6865,
> > one has to use certificates with native WinXP, but I can't get it
> > working. Also there are rumours of successful connections, I didn't
> > find any step by step guide for both sides (NS and XP) using
> > dynamic client IP and certs.
> > My Netscreen always complains:
> > Rejected an IKE packet ... because the peer sent a packet with a
> > message ID before Phase 1 authentication was done.
> > My certs work fine with the NS remote-client (i.e. the certs are not
> > the problem)
> >
> > So I assume Juniper boycotts the native XP-Capabilities to sell their
> > Client
> > (please prove me wrong, anybody).
> >
> > Cheers,
> >        Kai
> >
> >
> > -----Original Message-----
> > The second question is, is it possible to use winxp for remote dialup to
> > connect with the
> > NS-5GT using IPSEC and L2TP dialup protocols.
> >
> > Cheers
> >
> >
>

------------------------------



End of nn Digest, Vol 23, Issue 2
*********************************
