Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi Gokul, I've run the cmd as per your advice and unfortunately no log was printed after I ran the last cmd
SSG140-> set ff src-ip 10.10.10.27 dst-ip 10.10.10.7
filter added
SSG140-> set ff src-ip...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi, First, the filter is set for a different IP, while you are trying to reach 10.20.5.7. The filter will not capture this traffic. As per your previous post, isn't the server IP 10.10.10.7. Also, the...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
My apologies. Wrong place to run ping earlier. Attached is the debug result. If you've any thoughts and advice feel free to share, much appreciated! Regards
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Hi, As per the debug, the Firewall is handling the packet as expected.
tunnel.1:10.10.20.254/49292->10.10.10.7/1024,1(8/0)<Root> *** Packet reaching the firewall through tunnel
Permitted by...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Dear Gokul, Yes, the Src-Nat config is still in place. Since the policy is the same as tunnel policy remote site (untrust-bgroup siteA) to server lan (bgroup site B), I've just enabled the Src-Nat in the...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Dear Gokul, Thanks for your kind help and advice. I've managed to get the communication established. Now I can ping the server from site B. Solution: On the previous setup, I've enabled the Src-NAT...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
You are welcome.. glad that the setup is working now. Sounds like a routing problem indeed. As mentioned earlier, you may leave the NAT in place or add a route on the server, pointing to the FW for...
Re: Netscreen 25: VIP port forward failing after adding in second untrusted...
Hi Damien, I would expect the VIPs to fail, as the default route on eth3 will no longer be active. Thus, traffic from internet to VIP will be classified as 'spoof'. But, not sure why the debug catches...
RIP Configuration Assistance
I'm trying to setup 2 firewalls that currently have a point to point in place. I've configured the 2 endpoints in a /29 network and confirmed connectivity across the links, but I'm not seeing the...
Re: Configuring Route based VPN on 2 site but failed to access server on the...
Dear Gokul, Will do as per your advice. Have a pleasant day ahead! Regards, Afif
Re: Netscreen 25: VIP port forward failing after adding in second untrusted...
The VIP needs to be on the ingress interface to be triggered correctly. If you want both untrust interfaces to be able to use the VIP, you would need to create a loopback interface, bind both untrust...
Re: RIP Configuration Assistance
You need to specify what you want redistributed. With your current config, only RIP routes would be redistributed, which I'm assuming is none. Try set redistribute route-map "InternalRoutes" protocol...
Re: RIP Configuration Assistance
Thanks for the quick response. I added this:
set vr trust-vr
set protocol rip
set redistribute route-map "InternalRoutes" protocol connected
and now am getting a bit closer. I see the remote subnets...
Re: RIP Configuration Assistance
Default preference for RIP is 100, so the static with preference 75 will be more preferred.
Re: RIP Configuration Assistance
Sweet, perfect. Thanks. Updated and that corrected it. Confirmed able to ping both ways as expected and route tables look correct on both units now.
Re: Netscreen 25: VIP port forward failing after adding in second untrusted...
Here's my routing table
trust-vr
IP/Netmask Gateway Interface Protocol Preference Metric
*192.xxx.xx.0/24 ethernet1 C
*192.xxx.xx.1/32 ethernet1...
Re: Netscreen 25: VIP port forward failing after adding in second untrusted...
Hi Damien, The debug log - is it complete or truncated in between? The packet is not triggering VIP lookup. But anyhow, the flow will fail because reverse-route validation will fail, in turn triggering IP...
Re: Netscreen 25: VIP port forward failing after adding in second untrusted...
Hi, I fixed this up by swapping the ADSL and VDSL around, so the default routes in and out are on ethernet3, and using a dyndns service for the dynamic ip. Thanks all. regards
Source NAT two private IPs through route based VPN
Please give me some advice to solve this puzzle. Network setup: ethernet0/0 IP: 70.20.219.1; two bgroup1 IPs: 70.20.220.30, 70.20.220.35. Both bgroup1 addresses have to be NAT'ed out as 70.20.219.1....
Re: Source NAT two private IPs through route based VPN
Hi, The 'use egress interface IP' option will suffice. If it is not working, I can think of 2 reasons: 1. The packets are actually exiting through a different interface and not eth0/0. Review your...