Hi Vikas,
Thanks for your reply again.
I will disable the VPN monitor, as the other end is able to see Phase 2 up and is able to ping in both directions end-to-end. The remote end is a Cisco FWSM and they aren't configuring proxy IDs.
I've configured the policies below.
set address "Untrust" "Y.Y.Y.Y/29" Y.Y.Y.Y 255.255.255.248
set address "Untrust" "10.0.4.0/24" 10.0.4.0 255.255.255.0
set policy id 98 from "Untrust" to "Untrust" "Y.Y.Y.Y/29" "X.X.X.X1/32" "ANY" permit log
set policy id 98a from "Untrust" to "Untrust" "10.0.4.0/24" "X.X.X.X1/32" "ANY" permit log
set policy id 01 from "Untrust" to "Trust" "Y.Y.Y.Y/29" "10.0.7.0/24" "ANY" permit log
set policy id 01a from "Untrust" to "Trust" "10.0.4.0/24" "10.0.7.0/24" "ANY" permit log
set policy id 03 from "Trust" to "Untrust" "10.0.7.0/24" "Y.Y.Y.Y/29" "ANY" permit log
set policy id 03a from "Trust" to "Untrust" "10.0.7.0/24" "10.0.4.0/24" "ANY" permit log
I have attached a sample screenshot of the GUI, and it doesn't have an option for PFS (enable/disable)?
I did not check the Proxy-ID check box.
Also, how about allowing more networks from the Trust zone on either side through the same VPN?
From the SSG end:
Do I define destination routes and allow them in the policies?
Or do I also need to include them in another proxy-ID pair?
Thanks & Regards,
Ishaik
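Added example, not part of the post above or of Juniper's own documentation: the ScreenOS CLI that would carry a second pair of subnets over the same tunnel. The VPN name "vpn-fwsm", the tunnel interface tunnel.1, the local subnet 10.0.5.0/24 and the remote subnet 10.0.6.0/24 are assumptions for illustration, and the `#` lines are annotations rather than CLI. The point it shows: a route plus a policy makes the SSG forward the traffic, but a Cisco crypto map negotiates one Phase 2 SA per crypto ACL entry, so the SSG must also offer a matching proxy-ID for each subnet pair or the new traffic will not match any SA.

```text
# 1. Address book entries for the new subnets (zone names as in the post)
set address "Trust" "10.0.5.0/24" 10.0.5.0 255.255.255.0
set address "Untrust" "10.0.6.0/24" 10.0.6.0 255.255.255.0

# 2. Route-based tunnel (assumed): bind the VPN to a tunnel interface and
#    route the new remote subnet into it
set interface tunnel.1 zone "Untrust"
set vpn "vpn-fwsm" bind interface tunnel.1
set route 10.0.6.0/24 interface tunnel.1

# 3. One proxy-ID per subnet pair, mirroring the FWSM crypto ACL lines.
#    Assumes a ScreenOS release that allows several proxy-IDs on one VPN;
#    otherwise use one VPN object per pair. "ANY" must match the peer's ACL.
set vpn "vpn-fwsm" proxy-id local-ip 10.0.7.0/24 remote-ip 10.0.4.0/24 "ANY"
set vpn "vpn-fwsm" proxy-id local-ip 10.0.5.0/24 remote-ip 10.0.6.0/24 "ANY"

# 4. Policies in both directions (the existing 01/03 pairs only cover 10.0.7.0/24)
set policy id 5 from "Trust" to "Untrust" "10.0.5.0/24" "10.0.6.0/24" "ANY" permit log
set policy id 6 from "Untrust" to "Trust" "10.0.6.0/24" "10.0.5.0/24" "ANY" permit log

# 5. Verify: each proxy-ID pair should appear as its own active Phase 2 SA
get sa active
get vpn
```

A quick check that the proxy-IDs line up with the far end: after sending traffic from 10.0.5.0/24, `get sa active` should list a second SA whose proxy-ID is 10.0.5.0/24 to 10.0.6.0/24; if only the original 10.0.7.0/24 SA appears and the traffic is dropped, the FWSM has no crypto ACL entry for the new pair.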