Re: SSG5 no VPN connection possible
OK, progress!Found out that actually my client firewall is blocking the traffic.So disabled the fw, now the Shrew soft displays: "attached to key daemon ...peer configurediskamp proposal configuredesp...
View ArticleRe: SSG5 no VPN connection possible
Got it. The adapter mode in the client config has to be set to "use a virtual adapter...."Yeaah, thank you for your support!
View ArticleRe: SSG5 no VPN connection possible
Great, glad it is working now!Please mark this thread as resolved, which might help other users whi might run into similar issues.
View ArticlePass multiple subnets through the SSG-20?
I have an SSG-20 with multiple public subnets. One is external, the others are internal. Substitution addresses here for convenience. Eth 0/0 - 1.1.1.1/28Bgroup0 - 192.168.250.1/24Subnets behind SSG -...
View ArticleRe: Pass multiple subnets through the SSG-20?
Are you saying that the 2, 3 & 4 networks are NOT on any SSG interface but you simply have a route forwarding that traffic to another router or firewall? If so, what is the return route situation...
View ArticleSRX to SRX VPN with self signed certificates
Hi,I’m looking to create a VPN between 2 SRX devices. I want to use self signed certificates to authenticate the VPN. Does anyone know the procedure for this?
View ArticleRe: Pass multiple subnets through the SSG-20?
Yes. It is a pyramid structure. 1 |-------|-------| 2 3 4 The ISP routes 2, 3, 4 with next hop of 1. 2, 3, 4 manage their own firewalls/routers and expose their own IPs....
View ArticleRe: Pass multiple subnets through the SSG-20?
Sorry for not being clear. What I mean ---the subnets 2, 3, 4Is there an interface on the SSG that is in these subnets? Or is there another subnet different from 2,3,4 on the SSG and the downstream...
View ArticleRe: Pass multiple subnets through the SSG-20?
No, the SSG does not have interfaces in these subnets. It does have static routes (transport networks).
View ArticleRe: Pass multiple subnets through the SSG-20?
What I understand is that you are able to reach 2 3 and 4 from the bgroup IF, but not from 1 subnet. Is that right? Sounds to me like a routing issue, what Steve mentioned in his initial post. Do the...
View ArticleRe: Pass multiple subnets through the SSG-20?
A simple test - on the policy where you see traffic on one side - enable Source-NAT > Use egress interface IP (under Advanced section of policy config). If this is a routing issue on your internal...
View ArticleRe: Pass multiple subnets through the SSG-20?
thanks for the confirmation. Then I suspect as noted in my first post this might be a return route situation on the connected routers. Is the SSG the default route on these three connected devices?...
View ArticleRe: Pass multiple subnets through the SSG-20?
I added another test. I added DNAT to the inbound policy: From Untrust Any to Trust 2.2.2.2 DNAT egress interface It works, but of course, the traffic now has the wrong source address. Yes, the other...
View ArticleRe: Pass multiple subnets through the SSG-20?
Thought a drawing of the plan might help...
View ArticleRe: Pass multiple subnets through the SSG-20?
You have the downstream devices pictured as firewalls in the diagram. If they are, do those firewalls have a policy that allows the inbound connection from any address via their zone facing the SSG....
View ArticleRe: Pass multiple subnets through the SSG-20?
Thank you all for your thoughts. We have gotten the network to flow. The strangeness now, is that only the first 32 IP addresses pass (.1 - .31). Trying to find that needle now.
View ArticleRe: Pass multiple subnets through the SSG-20?
Do the other address show up in the policy logs?
View ArticleRe: Pass multiple subnets through the SSG-20?
Finally found an issue on the ISP side (bad route). Now all traffic is passing as anticipated. Thank you all for your feedback.
View Article
