Re: VPN Client Tunnel all traffic option does not work
For the ip address pool you are entering a range of addresses. These addresses are used on the client at connect time and will be the source address of those internet requests that are not currently...
View ArticleRe: VPN Client Tunnel all traffic option does not work
That is exactly what I did. I created an address with the whole range actually of the adresses from my pool.Created a policy. Enabled NAT. Still nothing.To clarify: my pool for the vpn is...
View ArticleRe: VPN Client Tunnel all traffic option does not work
The zone for the pool addresses will be the same zone used for the local side of your VPN policy where you changed the address to 0.0.0.0/0. The internet side is usually called untrust. To clarify: my...
View ArticleRe: VPN Client Tunnel all traffic option does not work
What would it be then for 192.168.11.50-192.168.11.55?Also 192.168.11.48/29?
View ArticleRe: VPN Client Tunnel all traffic option does not work
Yes that is correct. You can google subnet calculator to find only where the boundaries are for any particular range of addresses.
View ArticleRe: VPN Client Tunnel all traffic option does not work
Then it still does not work. Only local network is available.
View ArticleRe: VPN Client Tunnel all traffic option does not work
Try using the built in address dial up as the source in the internet access trust to untrust policy with nat. Also try changing the order of the policies on the list in the trust to untrust policy list
View ArticleRe: VPN Client Tunnel all traffic option does not work
If I use the "Dial up vpn" address in the source entry (I guess that is what you mean), I get a message "Dialup-VPN must use IPSEC or L2TP in policy".I have the policy on top.
View ArticleRe: SSG5 keeps dropping connection to Shaw modem
Shaws modem is in bridged mode. I inherited this network so not sure of all the settings are correct but it was working and then just stopped out of the blue. Shaw ISP had been going around and...
View ArticleRe: SSG5 keeps dropping connection to Shaw modem
We service providers like to eliminate firewalls when testing that is why the laptop connection test failing was particularly bad for Shaw. So they keep modifying that test to get one to work and wash...
View ArticleClik here to view.
IPsec VPN not passing traffic
Hi, We have two networks that we need to connect with a VPN connection. The remote network is in AWS with the IP range 10.0.0.0/16 and our lokal network has the IP range 192.168.53.0/24. AWS kindly...
View ArticleRe: IPsec VPN not passing traffic
Hi, Is AWS pushing a route for 10.0.x.x network to you via BGP?Can you share the output of 'get route' from the SSG? You may also want to advertise the 192.168.1.x network to AWS for return traffic...
View ArticleClik here to view.
Re: IPsec VPN not passing traffic
Hi Gokul, Thanks for the reply. Yes as far as I understand it AWS should be pushing 0.0.0.0/0 through the VPN. We have enabled route propagation for the two route tables that go with our VPC. Just in...
View ArticleRe: IPsec VPN not passing traffic
hi christopher, can you please post the ike errors from your ssg? if this is an ike gateway timeout then clearly its a routing issue. based on my experience with SRX vpn towards Azure, the...
View ArticleRe: IPsec VPN not passing traffic
Hi dwayne, It doesn't seem to be an ike gateway timeout. When looking at the event log, I can't see any issues with it. The event log can be seen below. 2019-05-04 08:36:18 system info 00542 BGP peer...
View ArticleRe: IKE V2 NOTIFY_MSG_NAT_DETECTION_DESTINATION_IP
Did anyone get this working ? I am trying to setup Azure Route VPN with SSG5 ( with 6.1 software however - I realise that only 6.2 is verified with Azure) set sa-filter <Azure VPN IP>debug ike...
View ArticleRoute based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi All, I'm looking for some help and guidance regarding an issue with Route based IPSEC VPN Config between SSG-550M and Cisco ASA. From the get sa output, its A/D, however traffic is passing through...
View ArticleRe: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi, If your query is about A/D then please cehck below from KB :https://kb.juniper.net/InfoCenter/index?page=content&id=KB6134&actp=METADATA A/D: VPN tunnel is Active, but the link (detected...
View ArticleRe: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Vikas, Thanks for Your reply. I had allowed the ping inbound before vpn config. And I was able to ping the remote end GW IP as well. Yes, the remote end device is not Netscreen/Juniper, its Cisco...
View ArticleRe: Route based IPSEC VPN Config between SSG-550M and Cisco ASA
Hi Ishaik, You should be able to use DH group under below stanza and call this proposal in your VPN config. >set ike p2-proposal test ? ah AH protocol esp ESP protocol group1 DH Group 1 group14 DH...
View Article